User interface for a device requesting remote authorization

ABSTRACT

The present disclosure generally relates to techniques for managing a remote authorization to proceed with an action, such as creating a secure network connection. In some examples, a requesting device receives selection of one or more options. The requesting device transmits a request to proceed with an action to an authenticating device. The authenticating device concurrently displays an indication of the request to proceed with the action, information about the selected one or more options, and an indication of the requesting device. The authenticating device receives authorization to proceed with the action and transmits a response to the requesting device regarding the request to proceed with the action.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims priority to U.S. Provisional Patent No.62/338,994, titled “REMOTE AUTHORIZATION TO PROCEED WITH AN ACTION,”filed May 19, 2016, and U.S. Provisional Patent No. 62/347,852, titled“REMOTE AUTHORIZATION TO PROCEED WITH AN ACTION,” filed Jun. 9, 2016,the contents of which are hereby incorporated by reference in theirentirety.

FIELD

The present disclosure relates generally to computer user interfaces,and more specifically to techniques for managing a remote authorizationto proceed with an action.

BACKGROUND

The use of electronic devices for storing and displaying secureinformation has increased significantly in recent years, such as in theuse of devices for two-factor authentication. For example, a device maystore a secure value. By securely storing the value at the device, thedevice provides the user with a certain level of security. The value issubsequently displayed on a display of the device, and the user may usethe displayed value for performing various tasks using the device.

BRIEF SUMMARY

Some techniques for managing a remote authorization to proceed with anaction using electronic devices are generally cumbersome andinefficient. For example, some existing techniques use a complex andtime-consuming user interface, which may include multiple key presses orkeystrokes. Existing techniques require more time than necessary,wasting user time and device energy. This latter consideration isparticularly important in battery-operated devices.

Accordingly, the present techniques provide electronic devices withfaster, more efficient methods and interfaces for managing a remoteauthorization to proceed with an action. Such methods and interfacesoptionally complement or replace other methods for managing a remoteauthorization to proceed with an action. Such methods and interfacesreduce the cognitive burden on a user and produce a more efficienthuman-machine interface. For battery-operated computing devices, suchmethods and interfaces conserve power and increase the time betweenbattery charges. In some embodiments of the present technique, thetechnique permits a user to take advantage of the hardware capabilitiesof a first device while using (or performing tasks on) a second device(e.g., where the second device does not have the same hardwarecapabilities of the first device). In some embodiments of the presenttechnique, the present technique enables a parent to remotely authorizean action using a first device, where the action was requested (orinitiated) by the parent's child using a second device (e.g., regardlessof the hardware capabilities of the second device). In some embodimentsof the present technique, the techniques helps to maintain a certainlevel of security by avoiding the need to distribute secure data tosystems that do not meet certain security standards (e.g., avoiding theneed to generate or store secure information on a system that does nothave a secure element).

In accordance with some embodiments, a method is described. The methodcomprises: receiving, at a requesting device with a display, selectionof one or more options; receiving, at the requesting device, selectionof an option to proceed with an action associated with the selected oneor more options; transmitting, by the requesting device, a request toproceed with the action, wherein the request includes information aboutthe selected one or more options; receiving, by an authenticating devicewith a display, the request to proceed with the action; concurrentlydisplaying, on the display of the authenticating device: an indicationof the request to proceed with the action, the information about theselected one or more options, and an indication of the requestingdevice; displaying, on the display of the authenticating device, arequest for authorization to proceed with the action; receiving, at theauthenticating device, an input that is responsive to the request forauthorization to proceed with the action; transmitting, by theauthenticating device, a response to the request to proceed with theaction, the response to the request to proceed with the action based onthe input that is responsive to the request for authorization to proceedwith the action; receiving, by the requesting device, the response tothe request to proceed with the action; in accordance with adetermination, at the requesting device, that the response to therequest to proceed with the action indicates that the authorization atthe authenticating device was successful, displaying, on the display ofthe requesting device, an indication that the authorization wassuccessful; and in accordance with a determination, at the requestingdevice, that the response to the request to proceed with the actionindicates that the authorization at the authenticating device was notsuccessful, displaying, on the display of the requesting device, anindication that the authorization was not successful.

In accordance with some embodiments, a method performed at a requestingdevice with a display is described. The method comprises: receivingselection of one or more options associated with an action; receivingselection of an option to proceed with the action associated with theselected one or more options; transmitting, by the requesting device toan authenticating device, a request to proceed with the action, whereinthe request includes information about the selected one or more options,the information about the selected one or more options for display bythe authenticating device; receiving, from the authenticating device, aresponse to the request to proceed with the action, wherein the responseto the request to proceed with the action is indicative of an input atthe authenticating device; and in accordance with a determination thatthe response to the request to proceed with the action indicates that anauthorization at the authenticating device was successful, displaying,on the display of the requesting device, an indication that theauthorization was successful.

In accordance with some embodiments, a requesting device is described.The requesting device includes: a display; one or more processors; andmemory storing one or more programs, wherein the one or more programsare configured to be executed by the one or more processors, the one ormore programs including instructions for: receiving selection of one ormore options associated with an action; receiving selection of an optionto proceed with the action associated with the selected one or moreoptions; transmitting, by the requesting device to an authenticatingdevice, a request to proceed with the action, wherein the requestincludes information about the selected one or more options, theinformation about the selected one or more options for display by theauthenticating device; receiving, from the authenticating device, aresponse to the request to proceed with the action, wherein the responseto the request to proceed with the action is indicative of an input atthe authenticating device; and in accordance with a determination thatthe response to the request to proceed with the action indicates that anauthorization at the authenticating device was successful, displaying,on the display of the requesting device, an indication that theauthorization was successful.

In accordance with some embodiments, a non-transitory computer-readablestorage medium is described. The non-transitory computer-readablestorage medium stores one or more programs that are executable by one ormore processors of a requesting device with a display, the one or moreprograms including instructions for: receiving selection of one or moreoptions associated with an action; receiving selection of an option toproceed with the action associated with the selected one or moreoptions; transmitting, by the requesting device to an authenticatingdevice, a request to proceed with the action, wherein the requestincludes information about the selected one or more options, theinformation about the selected one or more options for display by theauthenticating device; receiving, from the authenticating device, aresponse to the request to proceed with the action, wherein the responseto the request to proceed with the action is indicative of an input atthe authenticating device; and in accordance with a determination thatthe response to the request to proceed with the action indicates that anauthorization at the authenticating device was successful, displaying,on the display of the requesting device, an indication that theauthorization was successful.

In accordance with some embodiments, a transitory computer-readablestorage medium is described. The non-transitory computer-readablestorage medium stores one or more programs that are executable by one ormore processors of a requesting device with a display, the one or moreprograms including instructions for: receiving selection of one or moreoptions associated with an action; receiving selection of an option toproceed with the action associated with the selected one or moreoptions; transmitting, by the requesting device to an authenticatingdevice, a request to proceed with the action, wherein the requestincludes information about the selected one or more options, theinformation about the selected one or more options for display by theauthenticating device; receiving, from the authenticating device, aresponse to the request to proceed with the action, wherein the responseto the request to proceed with the action is indicative of an input atthe authenticating device; and in accordance with a determination thatthe response to the request to proceed with the action indicates that anauthorization at the authenticating device was successful, displaying,on the display of the requesting device, an indication that theauthorization was successful.

In accordance with some embodiments, a requesting device is described.The requesting device includes: a display; means for receiving selectionof one or more options associated with an action; means for receivingselection of an option to proceed with the action associated with theselected one or more options; means for transmitting, by the requestingdevice to an authenticating device, a request to proceed with theaction, wherein the request includes information about the selected oneor more options, the information about the selected one or more optionsfor display by the authenticating device; means for receiving, from theauthenticating device, a response to the request to proceed with theaction, wherein the response to the request to proceed with the actionis indicative of an input at the authenticating device; and means for inaccordance with a determination that the response to the request toproceed with the action indicates that an authorization at theauthenticating device was successful, displaying, on the display of therequesting device, an indication that the authorization was successful.

In accordance with some embodiments, a method performed at anauthenticating device with a display is described. The methodcomprising: receiving, from a requesting device, a request to proceedwith an action, wherein the request includes information regarding theaction and wherein the requesting device and the authenticating deviceare both signed into a service using the same account; concurrentlydisplaying, on the display: an indication of the request to proceed withthe action, the information regarding the action, and an indication ofthe requesting device; displaying a request for authorization to proceedwith the action; and receiving an input that is responsive to therequest for authorization to proceed with the action.

In accordance with some embodiments, an authenticating device isdescribed. The authenticating device includes: a display; one or moreprocessors; and memory storing one or more programs, wherein the one ormore programs are configured to be executed by the one or moreprocessors, the one or more programs including instructions for:receiving, from a requesting device, a request to proceed with anaction, wherein the request includes information regarding the actionand wherein the requesting device and the authenticating device are bothsigned into a service using the same account; concurrently displaying,on the display: an indication of the request to proceed with the action,the information regarding the action, and an indication of therequesting device; displaying a request for authorization to proceedwith the action; and receiving an input that is responsive to therequest for authorization to proceed with the action.

In accordance with some embodiments, a non-transitory computer-readablestorage medium is described. The non-transitory computer-readablestorage medium stores one or more programs that are executable by one ormore processors of an authenticating device with a display, the one ormore programs including instructions for: receiving, from a requestingdevice, a request to proceed with an action, wherein the requestincludes information regarding the action and wherein the requestingdevice and the authenticating device are both signed into a serviceusing the same account; concurrently displaying, on the display: anindication of the request to proceed with the action, the informationregarding the action, and an indication of the requesting device;displaying a request for authorization to proceed with the action; andreceiving an input that is responsive to the request for authorizationto proceed with the action.

In accordance with some embodiments, a transitory computer-readablestorage medium is described. The non-transitory computer-readablestorage medium stores one or more programs that are executable by one ormore processors of an authenticating device with a display, the one ormore programs including instructions for: receiving, from a requestingdevice, a request to proceed with an action, wherein the requestincludes information regarding the action and wherein the requestingdevice and the authenticating device are both signed into a serviceusing the same account; concurrently displaying, on the display: anindication of the request to proceed with the action, the informationregarding the action, and an indication of the requesting device;displaying a request for authorization to proceed with the action; andreceiving an input that is responsive to the request for authorizationto proceed with the action.

In accordance with some embodiments, an authenticating device isdescribed. The authenticating device comprises: a display; means forreceiving, from a requesting device, a request to proceed with anaction, wherein the request includes information regarding the actionand wherein the requesting device and the authenticating device are bothsigned into a service using the same account; means for concurrentlydisplaying, on the display: an indication of the request to proceed withthe action, the information regarding the action, and an indication ofthe requesting device; means for displaying a request for authorizationto proceed with the action; and means for receiving an input that isresponsive to the request for authorization to proceed with the action.

In accordance with some embodiments, a requesting device is described.The requesting device comprises a display unit and a processing unitcoupled to the display unit. The processing unit configured to: receiveselection of one or more options associated with an action; receiveselection of an option to proceed with the action associated with theselected one or more options; transmit, by the requesting device to anauthenticating device, a request to proceed with the action, wherein therequest includes information about the selected one or more options, theinformation about the selected one or more options for display by theauthenticating device; receive, from the authenticating device, aresponse to the request to proceed with the action, wherein the responseto the request to proceed with the action is indicative of an input atthe authenticating device; and in accordance with a determination thatthe response to the request to proceed with the action indicates that anauthorization at the authenticating device was successful, enabledisplay, on the display unit of the requesting device, of an indicationthat the authorization was successful.

In accordance with some embodiments, an authenticating device isdescribed. The authenticating device, comprising a display unit and aprocessing unit coupled to the display unit. The processing unitconfigured to: receive, from a requesting device, a request to proceedwith an action, wherein the request includes information regarding theaction and wherein the requesting device and the authenticating deviceare both signed into a service using the same account; concurrentlyenable display, on the display unit, of: an indication of the request toproceed with the action, the information regarding the action, and anindication of the requesting device; enable display of a request forauthorization to proceed with the action; and receive an input that isresponsive to the request for authorization to proceed with the action.

Executable instructions for performing these functions are, optionally,included in a non-transitory computer-readable storage medium or othercomputer program product configured for execution by one or moreprocessors. Executable instructions for performing these functions are,optionally, included in a transitory computer-readable storage medium orother computer program product configured for execution by one or moreprocessors.

Thus, devices are provided with faster, more efficient methods andinterfaces for managing a remote authorization to proceed with anaction, thereby increasing the effectiveness, efficiency, and usersatisfaction with such devices. Such methods and interfaces maycomplement or replace other methods for managing a remote authorizationto proceed with an action.

DESCRIPTION OF THE FIGURES

For a better understanding of the various described embodiments,reference should be made to the Description of Embodiments below, inconjunction with the following drawings in which like reference numeralsrefer to corresponding parts throughout the figures.

FIG. 1A is a block diagram illustrating a portable multifunction devicewith a touch-sensitive display in accordance with some embodiments.

FIG. 1B is a block diagram illustrating exemplary components for eventhandling in accordance with some embodiments.

FIG. 2 illustrates a portable multifunction device having a touch screenin accordance with some embodiments.

FIG. 3 is a block diagram of an exemplary multifunction device with adisplay and a touch-sensitive surface in accordance with someembodiments.

FIG. 4A illustrates an exemplary user interface for a menu ofapplications on a portable multifunction device in accordance with someembodiments.

FIG. 4B illustrates an exemplary user interface for a multifunctiondevice with a touch-sensitive surface that is separate from the displayin accordance with some embodiments.

FIG. 5A illustrates a personal electronic device in accordance with someembodiments.

FIG. 5B is a block diagram illustrating a personal electronic device inaccordance with some embodiments.

FIGS. 5C-5D illustrate exemplary components of a personal electronicdevice having a touch-sensitive display and intensity sensors inaccordance with some embodiments.

FIGS. 5E-5H illustrate exemplary components and user interfaces of apersonal electronic device in accordance with some embodiments.

FIG. 6 illustrates exemplary devices connected via one or morecommunication channels to complete a payment transaction in accordancewith some embodiments.

FIGS. 7A-7L illustrate exemplary user interfaces for managing a remoteauthorization to proceed with an action, in accordance with someembodiments.

FIGS. 8A-8M illustrate exemplary user interfaces for managing a remoteauthorization to proceed with an action, in accordance with someembodiments.

FIGS. 9A-9D are a flow diagram illustrating a method for managing aremote authorization to proceed with an action, in accordance with someembodiments.

FIGS. 10A-10B are a flow diagram illustrating a method for managing aremote authorization to proceed with an action, in accordance with someembodiments.

FIG. 11 is a flow diagram illustrating a method for managing a remoteauthorization to proceed with an action, in accordance with someembodiments.

FIG. 12 is a functional block diagram of an electronic requesting devicein accordance with some embodiments.

FIG. 13 is a functional block diagram of an electronic authenticatingdevice in accordance with some embodiments.

FIG. 14 is a functional block diagram of an electronic requesting devicein accordance with some embodiments.

FIG. 15 is a functional block diagram of an electronic authenticatingdevice in accordance with some embodiments.

DESCRIPTION OF EMBODIMENTS

The following description sets forth exemplary methods, parameters, andthe like. It should be recognized, however, that such description is notintended as a limitation on the scope of the present disclosure but isinstead provided as a description of exemplary embodiments.

There is a need for electronic devices that provide efficient methodsand interfaces for managing a remote authorization to proceed with anaction. In one example, a user may be using a personal laptop computerthat is not capable of generating a secure value, such as a token, foruse in performing an action, such as for use in creating a securenetwork connection between the laptop computer and a remote server. Theuser's personal smartphone device, however, may be capable of generatingthe token for use in creating the secure network connection. The usermay use their personal smartphone device to remotely authorizeproceeding with the action, which may include the personal smartphonedevice transmitting a token to the remote server or to the personallaptop computer for use in creating the secure network connection. Inanother example, the user may be using a personal laptop computer thatis not capable of generating payment information for use in performingan action, such as for use in a payment transaction. The user's personalsmartphone device, however, may be capable of generating paymentinformation for use in the payment transaction. The user may use theirpersonal smartphone device to remotely authorize proceeding with thepayment transaction, which may include the personal smartphone devicetransmitting payment information to the remote server or to the personallaptop computer for use in the payment transaction. Such techniques canreduce the cognitive burden on a user who uses remote authorization toproceed with an action, thereby enhancing productivity. Further, suchtechniques can reduce processor and battery power otherwise wasted onredundant user inputs.

Below, FIGS. 1A-1B, 2, 3, 4A-4B, 5A-5H, and 6 provide a description ofexemplary devices for performing the techniques for managing a remoteauthorization to proceed with an action. FIG. 6 illustrates exemplarydevices connected via one or more communication channels to complete apayment transaction, in accordance with some embodiments. FIGS. 7A-7Lillustrate exemplary user interfaces for managing a remote authorizationto create a secure network connection. FIGS. 8A-8M illustrate exemplaryuser interfaces for managing a remote authorization to proceed with apayment transaction. FIGS. 9-11 are flow diagrams illustrating methodsof managing a remote authorization to proceed with an action. The userinterfaces in FIGS. 7A-7L are used to illustrate the processes describedbelow, including the processes in FIGS. 9-11. The user interfaces inFIGS. 8A-8M are also used to illustrate the processes described below,including the processes in FIGS. 9-11.

Although the following description uses terms “first,” “second,” etc. todescribe various elements, these elements should not be limited by theterms. These terms are only used to distinguish one element fromanother. For example, a first touch could be termed a second touch, and,similarly, a second touch could be termed a first touch, withoutdeparting from the scope of the various described embodiments. The firsttouch and the second touch are both touches, but they are not the sametouch.

The terminology used in the description of the various describedembodiments herein is for the purpose of describing particularembodiments only and is not intended to be limiting. As used in thedescription of the various described embodiments and the appendedclaims, the singular forms “a,” “an,” and “the” are intended to includethe plural forms as well, unless the context clearly indicatesotherwise. It will also be understood that the term “and/or” as usedherein refers to and encompasses any and all possible combinations ofone or more of the associated listed items. It will be furtherunderstood that the terms “includes,” “including,” “comprises,” and/or“comprising,” when used in this specification, specify the presence ofstated features, integers, steps, operations, elements, and/orcomponents, but do not preclude the presence or addition of one or moreother features, integers, steps, operations, elements, components,and/or groups thereof.

The term “if” is, optionally, construed to mean “when” or “upon” or “inresponse to determining” or “in response to detecting,” depending on thecontext. Similarly, the phrase “if it is determined” or “if [a statedcondition or event] is detected” is, optionally, construed to mean “upondetermining” or “in response to determining” or “upon detecting [thestated condition or event]” or “in response to detecting [the statedcondition or event],” depending on the context.

Embodiments of electronic devices, user interfaces for such devices, andassociated processes for using such devices are described. In someembodiments, the device is a portable communications device, such as amobile telephone, that also contains other functions, such as PDA and/ormusic player functions. Exemplary embodiments of portable multifunctiondevices include, without limitation, the iPhone®, iPod Touch®, and iPad®devices from Apple Inc. of Cupertino, Calif. Other portable electronicdevices, such as laptops or tablet computers with touch-sensitivesurfaces (e.g., touch screen displays and/or touchpads), are,optionally, used. It should also be understood that, in someembodiments, the device is not a portable communications device, but isa desktop computer with a touch-sensitive surface (e.g., a touch screendisplay and/or a touchpad).

In the discussion that follows, an electronic device that includes adisplay and a touch-sensitive surface is described. It should beunderstood, however, that the electronic device optionally includes oneor more other physical user-interface devices, such as a physicalkeyboard, a mouse, and/or a joystick.

The device typically supports a variety of applications, such as one ormore of the following: a drawing application, a presentationapplication, a word processing application, a website creationapplication, a disk authoring application, a spreadsheet application, agaming application, a telephone application, a video conferencingapplication, an e-mail application, an instant messaging application, aworkout support application, a photo management application, a digitalcamera application, a digital video camera application, a web browsingapplication, a digital music player application, and/or a digital videoplayer application.

The various applications that are executed on the device optionally useat least one common physical user-interface device, such as thetouch-sensitive surface. One or more functions of the touch-sensitivesurface as well as corresponding information displayed on the deviceare, optionally, adjusted and/or varied from one application to the nextand/or within a respective application. In this way, a common physicalarchitecture (such as the touch-sensitive surface) of the deviceoptionally supports the variety of applications with user interfacesthat are intuitive and transparent to the user.

Attention is now directed toward embodiments of portable devices withtouch-sensitive displays. FIG. 1A is a block diagram illustratingportable multifunction device 100 with touch-sensitive display system112 in accordance with some embodiments. Touch-sensitive display 112 issometimes called a “touch screen” for convenience and is sometimes knownas or called a “touch-sensitive display system.” Device 100 includesmemory 102 (which optionally includes one or more computer-readablestorage mediums), memory controller 122, one or more processing units(CPUs) 120, peripherals interface 118, RF circuitry 108, audio circuitry110, speaker 111, microphone 113, input/output (I/O) subsystem 106,other input control devices 116, and external port 124. Device 100optionally includes one or more optical sensors 164. Device 100optionally includes one or more contact intensity sensors 165 fordetecting intensity of contacts on device 100 (e.g., a touch-sensitivesurface such as touch-sensitive display system 112 of device 100).Device 100 optionally includes one or more tactile output generators 167for generating tactile outputs on device 100 (e.g., generating tactileoutputs on a touch-sensitive surface such as touch-sensitive displaysystem 112 of device 100 or touchpad 355 of device 300). Thesecomponents optionally communicate over one or more communication busesor signal lines 103.

As used in the specification and claims, the term “intensity” of acontact on a touch-sensitive surface refers to the force or pressure(force per unit area) of a contact (e.g., a finger contact) on thetouch-sensitive surface, or to a substitute (proxy) for the force orpressure of a contact on the touch-sensitive surface. The intensity of acontact has a range of values that includes at least four distinctvalues and more typically includes hundreds of distinct values (e.g., atleast 256). Intensity of a contact is, optionally, determined (ormeasured) using various approaches and various sensors or combinationsof sensors. For example, one or more force sensors underneath oradjacent to the touch-sensitive surface are, optionally, used to measureforce at various points on the touch-sensitive surface. In someimplementations, force measurements from multiple force sensors arecombined (e.g., a weighted average) to determine an estimated force of acontact. Similarly, a pressure-sensitive tip of a stylus is, optionally,used to determine a pressure of the stylus on the touch-sensitivesurface. Alternatively, the size of the contact area detected on thetouch-sensitive surface and/or changes thereto, the capacitance of thetouch-sensitive surface proximate to the contact and/or changes thereto,and/or the resistance of the touch-sensitive surface proximate to thecontact and/or changes thereto are, optionally, used as a substitute forthe force or pressure of the contact on the touch-sensitive surface. Insome implementations, the substitute measurements for contact force orpressure are used directly to determine whether an intensity thresholdhas been exceeded (e.g., the intensity threshold is described in unitscorresponding to the substitute measurements). In some implementations,the substitute measurements for contact force or pressure are convertedto an estimated force or pressure, and the estimated force or pressureis used to determine whether an intensity threshold has been exceeded(e.g., the intensity threshold is a pressure threshold measured in unitsof pressure). Using the intensity of a contact as an attribute of a userinput allows for user access to additional device functionality that mayotherwise not be accessible by the user on a reduced-size device withlimited real estate for displaying affordances (e.g., on atouch-sensitive display) and/or receiving user input (e.g., via atouch-sensitive display, a touch-sensitive surface, or aphysical/mechanical control such as a knob or a button).

As used in the specification and claims, the term “tactile output”refers to physical displacement of a device relative to a previousposition of the device, physical displacement of a component (e.g., atouch-sensitive surface) of a device relative to another component(e.g., housing) of the device, or displacement of the component relativeto a center of mass of the device that will be detected by a user withthe user's sense of touch. For example, in situations where the deviceor the component of the device is in contact with a surface of a userthat is sensitive to touch (e.g., a finger, palm, or other part of auser's hand), the tactile output generated by the physical displacementwill be interpreted by the user as a tactile sensation corresponding toa perceived change in physical characteristics of the device or thecomponent of the device. For example, movement of a touch-sensitivesurface (e.g., a touch-sensitive display or trackpad) is, optionally,interpreted by the user as a “down click” or “up click” of a physicalactuator button. In some cases, a user will feel a tactile sensationsuch as an “down click” or “up click” even when there is no movement ofa physical actuator button associated with the touch-sensitive surfacethat is physically pressed (e.g., displaced) by the user's movements. Asanother example, movement of the touch-sensitive surface is, optionally,interpreted or sensed by the user as “roughness” of the touch-sensitivesurface, even when there is no change in smoothness of thetouch-sensitive surface. While such interpretations of touch by a userwill be subject to the individualized sensory perceptions of the user,there are many sensory perceptions of touch that are common to a largemajority of users. Thus, when a tactile output is described ascorresponding to a particular sensory perception of a user (e.g., an “upclick,” a “down click,” “roughness”), unless otherwise stated, thegenerated tactile output corresponds to physical displacement of thedevice or a component thereof that will generate the described sensoryperception for a typical (or average) user.

It should be appreciated that device 100 is only one example of aportable multifunction device, and that device 100 optionally has moreor fewer components than shown, optionally combines two or morecomponents, or optionally has a different configuration or arrangementof the components. The various components shown in FIG. 1A areimplemented in hardware, software, or a combination of both hardware andsoftware, including one or more signal processing and/orapplication-specific integrated circuits.

Memory 102 optionally includes high-speed random access memory andoptionally also includes non-volatile memory, such as one or moremagnetic disk storage devices, flash memory devices, or othernon-volatile solid-state memory devices. Memory controller 122optionally controls access to memory 102 by other components of device100.

Peripherals interface 118 can be used to couple input and outputperipherals of the device to CPU 120 and memory 102. The one or moreprocessors 120 run or execute various software programs and/or sets ofinstructions stored in memory 102 to perform various functions fordevice 100 and to process data. In some embodiments, peripheralsinterface 118, CPU 120, and memory controller 122 are, optionally,implemented on a single chip, such as chip 104. In some otherembodiments, they are, optionally, implemented on separate chips.

RF (radio frequency) circuitry 108 receives and sends RF signals, alsocalled electromagnetic signals. RF circuitry 108 converts electricalsignals to/from electromagnetic signals and communicates withcommunications networks and other communications devices via theelectromagnetic signals. RF circuitry 108 optionally includes well-knowncircuitry for performing these functions, including but not limited toan antenna system, an RF transceiver, one or more amplifiers, a tuner,one or more oscillators, a digital signal processor, a CODEC chipset, asubscriber identity module (SIM) card, memory, and so forth. RFcircuitry 108 optionally communicates with networks, such as theInternet, also referred to as the World Wide Web (WWW), an intranetand/or a wireless network, such as a cellular telephone network, awireless local area network (LAN) and/or a metropolitan area network(MAN), and other devices by wireless communication. The RF circuitry 108optionally includes well-known circuitry for detecting near fieldcommunication (NFC) fields, such as by a short-range communicationradio. The wireless communication optionally uses any of a plurality ofcommunications standards, protocols, and technologies, including but notlimited to Global System for Mobile Communications (GSM), Enhanced DataGSM Environment (EDGE), high-speed downlink packet access (HSDPA),high-speed uplink packet access (HSUPA), Evolution, Data-Only (EV-DO),HSPA, HSPA+, Dual-Cell HSPA (DC-HSPDA), long term evolution (LTE), nearfield communication (NFC), wideband code division multiple access(W-CDMA), code division multiple access (CDMA), time division multipleaccess (TDMA), Bluetooth, Bluetooth Low Energy (BTLE), Wireless Fidelity(Wi-Fi) (e.g., IEEE 802.11a, IEEE 802.11b, IEEE 802.11g, IEEE 802.11n,and/or IEEE 802.11ac), voice over Internet Protocol (VoIP), Wi-MAX, aprotocol for e-mail (e.g., Internet message access protocol (IMAP)and/or post office protocol (POP)), instant messaging (e.g., extensiblemessaging and presence protocol (XMPP), Session Initiation Protocol forInstant Messaging and Presence Leveraging Extensions (SIMPLE), InstantMessaging and Presence Service (IMPS)), and/or Short Message Service(SMS), or any other suitable communication protocol, includingcommunication protocols not yet developed as of the filing date of thisdocument.

Audio circuitry 110, speaker 111, and microphone 113 provide an audiointerface between a user and device 100. Audio circuitry 110 receivesaudio data from peripherals interface 118, converts the audio data to anelectrical signal, and transmits the electrical signal to speaker 111.Speaker 111 converts the electrical signal to human-audible sound waves.Audio circuitry 110 also receives electrical signals converted bymicrophone 113 from sound waves. Audio circuitry 110 converts theelectrical signal to audio data and transmits the audio data toperipherals interface 118 for processing. Audio data is, optionally,retrieved from and/or transmitted to memory 102 and/or RF circuitry 108by peripherals interface 118. In some embodiments, audio circuitry 110also includes a headset jack (e.g., 212, FIG. 2). The headset jackprovides an interface between audio circuitry 110 and removable audioinput/output peripherals, such as output-only headphones or a headsetwith both output (e.g., a headphone for one or both ears) and input(e.g., a microphone).

I/O subsystem 106 couples input/output peripherals on device 100, suchas touch screen 112 and other input control devices 116, to peripheralsinterface 118. I/O subsystem 106 optionally includes display controller156, optical sensor controller 158, intensity sensor controller 159,haptic feedback controller 161, and one or more input controllers 160for other input or control devices. The one or more input controllers160 receive/send electrical signals from/to other input control devices116. The other input control devices 116 optionally include physicalbuttons (e.g., push buttons, rocker buttons, etc.), dials, sliderswitches, joysticks, click wheels, and so forth. In some alternateembodiments, input controller(s) 160 are, optionally, coupled to any (ornone) of the following: a keyboard, an infrared port, a USB port, and apointer device such as a mouse. The one or more buttons (e.g., 208, FIG.2) optionally include an up/down button for volume control of speaker111 and/or microphone 113. The one or more buttons optionally include apush button (e.g., 206, FIG. 2).

A quick press of the push button optionally disengages a lock of touchscreen 112 or optionally begins a process that uses gestures on thetouch screen to unlock the device, as described in U.S. patentapplication Ser. No. 11/322,549, “Unlocking a Device by PerformingGestures on an Unlock Image,” filed Dec. 23, 2005, U.S. Pat. No.7,657,849, which is hereby incorporated by reference in its entirety. Alonger press of the push button (e.g., 206) optionally turns power todevice 100 on or off. The functionality of one or more of the buttonsare, optionally, user-customizable. Touch screen 112 is used toimplement virtual or soft buttons and one or more soft keyboards.

Touch-sensitive display 112 provides an input interface and an outputinterface between the device and a user. Display controller 156 receivesand/or sends electrical signals from/to touch screen 112. Touch screen112 displays visual output to the user. The visual output optionallyincludes graphics, text, icons, video, and any combination thereof(collectively termed “graphics”). In some embodiments, some or all ofthe visual output optionally corresponds to user-interface objects.

Touch screen 112 has a touch-sensitive surface, sensor, or set ofsensors that accepts input from the user based on haptic and/or tactilecontact. Touch screen 112 and display controller 156 (along with anyassociated modules and/or sets of instructions in memory 102) detectcontact (and any movement or breaking of the contact) on touch screen112 and convert the detected contact into interaction withuser-interface objects (e.g., one or more soft keys, icons, web pages,or images) that are displayed on touch screen 112. In an exemplaryembodiment, a point of contact between touch screen 112 and the usercorresponds to a finger of the user.

Touch screen 112 optionally uses LCD (liquid crystal display)technology, LPD (light emitting polymer display) technology, or LED(light emitting diode) technology, although other display technologiesare used in other embodiments. Touch screen 112 and display controller156 optionally detect contact and any movement or breaking thereof usingany of a plurality of touch sensing technologies now known or laterdeveloped, including but not limited to capacitive, resistive, infrared,and surface acoustic wave technologies, as well as other proximitysensor arrays or other elements for determining one or more points ofcontact with touch screen 112. In an exemplary embodiment, projectedmutual capacitance sensing technology is used, such as that found in theiPhone® and iPod Touch® from Apple Inc. of Cupertino, Calif.

A touch-sensitive display in some embodiments of touch screen 112 is,optionally, analogous to the multi-touch sensitive touchpads describedin the following U.S. Pat. No. 6,323,846 (Westerman et al.), U.S. Pat.No. 6,570,557 (Westerman et al.), and/or U.S. Pat. No. 6,677,932(Westerman), and/or U.S. Patent Publication 2002/0015024A1, each ofwhich is hereby incorporated by reference in its entirety. However,touch screen 112 displays visual output from device 100, whereastouch-sensitive touchpads do not provide visual output.

A touch-sensitive display in some embodiments of touch screen 112 isdescribed in the following applications: (1) U.S. patent applicationSer. No. 11/381,313, “Multipoint Touch Surface Controller,” filed May 2,2006; (2) U.S. patent application Ser. No. 10/840,862, “MultipointTouchscreen,” filed May 6, 2004; (3) U.S. patent application Ser. No.10/903,964, “Gestures For Touch Sensitive Input Devices,” filed Jul. 30,2004; (4) U.S. patent application Ser. No. 11/048,264, “Gestures ForTouch Sensitive Input Devices,” filed Jan. 31, 2005; (5) U.S. patentapplication Ser. No. 11/038,590, “Mode-Based Graphical User InterfacesFor Touch Sensitive Input Devices,” filed Jan. 18, 2005; (6) U.S. patentapplication Ser. No. 11/228,758, “Virtual Input Device Placement On ATouch Screen User Interface,” filed Sep. 16, 2005; (7) U.S. patentapplication Ser. No. 11/228,700, “Operation Of A Computer With A TouchScreen Interface,” filed Sep. 16, 2005; (8) U.S. patent application Ser.No. 11/228,737, “Activating Virtual Keys Of A Touch-Screen VirtualKeyboard,” filed Sep. 16, 2005; and (9) U.S. patent application Ser. No.11/367,749, “Multi-Functional Hand-Held Device,” filed Mar. 3, 2006. Allof these applications are incorporated by reference herein in theirentirety.

Touch screen 112 optionally has a video resolution in excess of 100 dpi.In some embodiments, the touch screen has a video resolution ofapproximately 160 dpi. The user optionally makes contact with touchscreen 112 using any suitable object or appendage, such as a stylus, afinger, and so forth. In some embodiments, the user interface isdesigned to work primarily with finger-based contacts and gestures,which can be less precise than stylus-based input due to the larger areaof contact of a finger on the touch screen. In some embodiments, thedevice translates the rough finger-based input into a precisepointer/cursor position or command for performing the actions desired bythe user.

In some embodiments, in addition to the touch screen, device 100optionally includes a touchpad (not shown) for activating ordeactivating particular functions. In some embodiments, the touchpad isa touch-sensitive area of the device that, unlike the touch screen, doesnot display visual output. The touchpad is, optionally, atouch-sensitive surface that is separate from touch screen 112 or anextension of the touch-sensitive surface formed by the touch screen.

Device 100 also includes power system 162 for powering the variouscomponents. Power system 162 optionally includes a power managementsystem, one or more power sources (e.g., battery, alternating current(AC)), a recharging system, a power failure detection circuit, a powerconverter or inverter, a power status indicator (e.g., a light-emittingdiode (LED)) and any other components associated with the generation,management and distribution of power in portable devices.

Device 100 optionally also includes one or more optical sensors 164.FIG. 1A shows an optical sensor coupled to optical sensor controller 158in I/O subsystem 106. Optical sensor 164 optionally includescharge-coupled device (CCD) or complementary metal-oxide semiconductor(CMOS) phototransistors. Optical sensor 164 receives light from theenvironment, projected through one or more lenses, and converts thelight to data representing an image. In conjunction with imaging module143 (also called a camera module), optical sensor 164 optionallycaptures still images or video. In some embodiments, an optical sensoris located on the back of device 100, opposite touch screen display 112on the front of the device so that the touch screen display is enabledfor use as a viewfinder for still and/or video image acquisition. Insome embodiments, an optical sensor is located on the front of thedevice so that the user's image is, optionally, obtained for videoconferencing while the user views the other video conferenceparticipants on the touch screen display. In some embodiments, theposition of optical sensor 164 can be changed by the user (e.g., byrotating the lens and the sensor in the device housing) so that a singleoptical sensor 164 is used along with the touch screen display for bothvideo conferencing and still and/or video image acquisition.

Device 100 optionally also includes one or more contact intensitysensors 165. FIG. 1A shows a contact intensity sensor coupled tointensity sensor controller 159 in I/O subsystem 106. Contact intensitysensor 165 optionally includes one or more piezoresistive strain gauges,capacitive force sensors, electric force sensors, piezoelectric forcesensors, optical force sensors, capacitive touch-sensitive surfaces, orother intensity sensors (e.g., sensors used to measure the force (orpressure) of a contact on a touch-sensitive surface). Contact intensitysensor 165 receives contact intensity information (e.g., pressureinformation or a proxy for pressure information) from the environment.In some embodiments, at least one contact intensity sensor is collocatedwith, or proximate to, a touch-sensitive surface (e.g., touch-sensitivedisplay system 112). In some embodiments, at least one contact intensitysensor is located on the back of device 100, opposite touch screendisplay 112, which is located on the front of device 100.

Device 100 optionally also includes one or more proximity sensors 166.FIG. 1A shows proximity sensor 166 coupled to peripherals interface 118.Alternately, proximity sensor 166 is, optionally, coupled to inputcontroller 160 in I/O subsystem 106. Proximity sensor 166 optionallyperforms as described in U.S. patent application Ser. No. 11/241,839,“Proximity Detector In Handheld Device”; Ser. No. 11/240,788, “ProximityDetector In Handheld Device”; Ser. No. 11/620,702, “Using Ambient LightSensor To Augment Proximity Sensor Output”; Ser. No. 11/586,862,“Automated Response To And Sensing Of User Activity In PortableDevices”; and Ser. No. 11/638,251, “Methods And Systems For AutomaticConfiguration Of Peripherals,” which are hereby incorporated byreference in their entirety. In some embodiments, the proximity sensorturns off and disables touch screen 112 when the multifunction device isplaced near the user's ear (e.g., when the user is making a phone call).

Device 100 optionally also includes one or more tactile outputgenerators 167. FIG. 1A shows a tactile output generator coupled tohaptic feedback controller 161 in I/O subsystem 106. Tactile outputgenerator 167 optionally includes one or more electroacoustic devicessuch as speakers or other audio components and/or electromechanicaldevices that convert energy into linear motion such as a motor,solenoid, electroactive polymer, piezoelectric actuator, electrostaticactuator, or other tactile output generating component (e.g., acomponent that converts electrical signals into tactile outputs on thedevice). Contact intensity sensor 165 receives tactile feedbackgeneration instructions from haptic feedback module 133 and generatestactile outputs on device 100 that are capable of being sensed by a userof device 100. In some embodiments, at least one tactile outputgenerator is collocated with, or proximate to, a touch-sensitive surface(e.g., touch-sensitive display system 112) and, optionally, generates atactile output by moving the touch-sensitive surface vertically (e.g.,in/out of a surface of device 100) or laterally (e.g., back and forth inthe same plane as a surface of device 100). In some embodiments, atleast one tactile output generator sensor is located on the back ofdevice 100, opposite touch screen display 112, which is located on thefront of device 100.

Device 100 optionally also includes one or more accelerometers 168. FIG.1A shows accelerometer 168 coupled to peripherals interface 118.Alternately, accelerometer 168 is, optionally, coupled to an inputcontroller 160 in I/O subsystem 106. Accelerometer 168 optionallyperforms as described in U.S. Patent Publication No. 20050190059,“Acceleration-based Theft Detection System for Portable ElectronicDevices,” and U.S. Patent Publication No. 20060017692, “Methods AndApparatuses For Operating A Portable Device Based On An Accelerometer,”both of which are incorporated by reference herein in their entirety. Insome embodiments, information is displayed on the touch screen displayin a portrait view or a landscape view based on an analysis of datareceived from the one or more accelerometers. Device 100 optionallyincludes, in addition to accelerometer(s) 168, a magnetometer (notshown) and a GPS (or GLONASS or other global navigation system) receiver(not shown) for obtaining information concerning the location andorientation (e.g., portrait or landscape) of device 100.

In some embodiments, the software components stored in memory 102include operating system 126, communication module (or set ofinstructions) 128, contact/motion module (or set of instructions) 130,graphics module (or set of instructions) 132, text input module (or setof instructions) 134, Global Positioning System (GPS) module (or set ofinstructions) 135, and applications (or sets of instructions) 136.Furthermore, in some embodiments, memory 102 (FIG. 1A) or 370 (FIG. 3)stores device/global internal state 157, as shown in FIGS. 1A and 3.Device/global internal state 157 includes one or more of: activeapplication state, indicating which applications, if any, are currentlyactive; display state, indicating what applications, views or otherinformation occupy various regions of touch screen display 112; sensorstate, including information obtained from the device's various sensorsand input control devices 116; and location information concerning thedevice's location and/or attitude.

Operating system 126 (e.g., Darwin, RTXC, LINUX, UNIX, OS X, iOS,WINDOWS, or an embedded operating system such as VxWorks) includesvarious software components and/or drivers for controlling and managinggeneral system tasks (e.g., memory management, storage device control,power management, etc.) and facilitates communication between varioushardware and software components.

Communication module 128 facilitates communication with other devicesover one or more external ports 124 and also includes various softwarecomponents for handling data received by RF circuitry 108 and/orexternal port 124. External port 124 (e.g., Universal Serial Bus (USB),FIREWIRE, etc.) is adapted for coupling directly to other devices orindirectly over a network (e.g., the Internet, wireless LAN, etc.). Insome embodiments, the external port is a multi-pin (e.g., 30-pin)connector that is the same as, or similar to and/or compatible with, the30-pin connector used on iPod® (trademark of Apple Inc.) devices.

Contact/motion module 130 optionally detects contact with touch screen112 (in conjunction with display controller 156) and othertouch-sensitive devices (e.g., a touchpad or physical click wheel).Contact/motion module 130 includes various software components forperforming various operations related to detection of contact, such asdetermining if contact has occurred (e.g., detecting a finger-downevent), determining an intensity of the contact (e.g., the force orpressure of the contact or a substitute for the force or pressure of thecontact), determining if there is movement of the contact and trackingthe movement across the touch-sensitive surface (e.g., detecting one ormore finger-dragging events), and determining if the contact has ceased(e.g., detecting a finger-up event or a break in contact).Contact/motion module 130 receives contact data from the touch-sensitivesurface. Determining movement of the point of contact, which isrepresented by a series of contact data, optionally includes determiningspeed (magnitude), velocity (magnitude and direction), and/or anacceleration (a change in magnitude and/or direction) of the point ofcontact. These operations are, optionally, applied to single contacts(e.g., one finger contacts) or to multiple simultaneous contacts (e.g.,“multitouch”/multiple finger contacts). In some embodiments,contact/motion module 130 and display controller 156 detect contact on atouchpad.

In some embodiments, contact/motion module 130 uses a set of one or moreintensity thresholds to determine whether an operation has beenperformed by a user (e.g., to determine whether a user has “clicked” onan icon). In some embodiments, at least a subset of the intensitythresholds are determined in accordance with software parameters (e.g.,the intensity thresholds are not determined by the activation thresholdsof particular physical actuators and can be adjusted without changingthe physical hardware of device 100). For example, a mouse “click”threshold of a trackpad or touch screen display can be set to any of alarge range of predefined threshold values without changing the trackpador touch screen display hardware. Additionally, in some implementations,a user of the device is provided with software settings for adjustingone or more of the set of intensity thresholds (e.g., by adjustingindividual intensity thresholds and/or by adjusting a plurality ofintensity thresholds at once with a system-level click “intensity”parameter).

Contact/motion module 130 optionally detects a gesture input by a user.Different gestures on the touch-sensitive surface have different contactpatterns (e.g., different motions, timings, and/or intensities ofdetected contacts). Thus, a gesture is, optionally, detected bydetecting a particular contact pattern. For example, detecting a fingertap gesture includes detecting a finger-down event followed by detectinga finger-up (liftoff) event at the same position (or substantially thesame position) as the finger-down event (e.g., at the position of anicon). As another example, detecting a finger swipe gesture on thetouch-sensitive surface includes detecting a finger-down event followedby detecting one or more finger-dragging events, and subsequentlyfollowed by detecting a finger-up (liftoff) event.

Graphics module 132 includes various known software components forrendering and displaying graphics on touch screen 112 or other display,including components for changing the visual impact (e.g., brightness,transparency, saturation, contrast, or other visual property) ofgraphics that are displayed. As used herein, the term “graphics”includes any object that can be displayed to a user, including, withoutlimitation, text, web pages, icons (such as user-interface objectsincluding soft keys), digital images, videos, animations, and the like.

In some embodiments, graphics module 132 stores data representinggraphics to be used. Each graphic is, optionally, assigned acorresponding code. Graphics module 132 receives, from applicationsetc., one or more codes specifying graphics to be displayed along with,if necessary, coordinate data and other graphic property data, and thengenerates screen image data to output to display controller 156.

Haptic feedback module 133 includes various software components forgenerating instructions used by tactile output generator(s) 167 toproduce tactile outputs at one or more locations on device 100 inresponse to user interactions with device 100.

Text input module 134, which is, optionally, a component of graphicsmodule 132, provides soft keyboards for entering text in variousapplications (e.g., contacts 137, e-mail 140, IM 141, browser 147, andany other application that needs text input).

GPS module 135 determines the location of the device and provides thisinformation for use in various applications (e.g., to telephone 138 foruse in location-based dialing; to camera 143 as picture/video metadata;and to applications that provide location-based services such as weatherwidgets, local yellow page widgets, and map/navigation widgets).

Applications 136 optionally include the following modules (or sets ofinstructions), or a subset or superset thereof:

-   -   Contacts module 137 (sometimes called an address book or contact        list);    -   Telephone module 138;    -   Video conference module 139;    -   E-mail client module 140;    -   Instant messaging (IM) module 141;    -   Workout support module 142;    -   Camera module 143 for still and/or video images;    -   Image management module 144;    -   Video player module;    -   Music player module;    -   Browser module 147;    -   Calendar module 148;    -   Widget modules 149, which optionally include one or more of:        weather widget 149-1, stocks widget 149-2, calculator widget        149-3, alarm clock widget 149-4, dictionary widget 149-5, and        other widgets obtained by the user, as well as user-created        widgets 149-6;    -   Widget creator module 150 for making user-created widgets 149-6;    -   Search module 151;    -   Video and music player module 152, which merges video player        module and music player module;    -   Notes module 153;    -   Map module 154; and/or    -   Online video module 155.

Examples of other applications 136 that are, optionally, stored inmemory 102 include other word processing applications, other imageediting applications, drawing applications, presentation applications,JAVA-enabled applications, encryption, digital rights management, voicerecognition, and voice replication.

In conjunction with touch screen 112, display controller 156,contact/motion module 130, graphics module 132, and text input module134, contacts module 137 are, optionally, used to manage an address bookor contact list (e.g., stored in application internal state 192 ofcontacts module 137 in memory 102 or memory 370), including: addingname(s) to the address book; deleting name(s) from the address book;associating telephone number(s), e-mail address(es), physicaladdress(es) or other information with a name; associating an image witha name; categorizing and sorting names; providing telephone numbers ore-mail addresses to initiate and/or facilitate communications bytelephone 138, video conference module 139, e-mail 140, or IM 141; andso forth.

In conjunction with RF circuitry 108, audio circuitry 110, speaker 111,microphone 113, touch screen 112, display controller 156, contact/motionmodule 130, graphics module 132, and text input module 134, telephonemodule 138 are optionally, used to enter a sequence of characterscorresponding to a telephone number, access one or more telephonenumbers in contacts module 137, modify a telephone number that has beenentered, dial a respective telephone number, conduct a conversation, anddisconnect or hang up when the conversation is completed. As notedabove, the wireless communication optionally uses any of a plurality ofcommunications standards, protocols, and technologies.

In conjunction with RF circuitry 108, audio circuitry 110, speaker 111,microphone 113, touch screen 112, display controller 156, optical sensor164, optical sensor controller 158, contact/motion module 130, graphicsmodule 132, text input module 134, contacts module 137, and telephonemodule 138, video conference module 139 includes executable instructionsto initiate, conduct, and terminate a video conference between a userand one or more other participants in accordance with user instructions.

In conjunction with RF circuitry 108, touch screen 112, displaycontroller 156, contact/motion module 130, graphics module 132, and textinput module 134, e-mail client module 140 includes executableinstructions to create, send, receive, and manage e-mail in response touser instructions. In conjunction with image management module 144,e-mail client module 140 makes it very easy to create and send e-mailswith still or video images taken with camera module 143.

In conjunction with RF circuitry 108, touch screen 112, displaycontroller 156, contact/motion module 130, graphics module 132, and textinput module 134, the instant messaging module 141 includes executableinstructions to enter a sequence of characters corresponding to aninstant message, to modify previously entered characters, to transmit arespective instant message (for example, using a Short Message Service(SMS) or Multimedia Message Service (MMS) protocol for telephony-basedinstant messages or using XMPP, SIMPLE, or IMPS for Internet-basedinstant messages), to receive instant messages, and to view receivedinstant messages. In some embodiments, transmitted and/or receivedinstant messages optionally include graphics, photos, audio files, videofiles and/or other attachments as are supported in an MMS and/or anEnhanced Messaging Service (EMS). As used herein, “instant messaging”refers to both telephony-based messages (e.g., messages sent using SMSor MMS) and Internet-based messages (e.g., messages sent using XMPP,SIMPLE, or IMPS).

In conjunction with RF circuitry 108, touch screen 112, displaycontroller 156, contact/motion module 130, graphics module 132, textinput module 134, GPS module 135, map module 154, and music playermodule, workout support module 142 includes executable instructions tocreate workouts (e.g., with time, distance, and/or calorie burninggoals); communicate with workout sensors (sports devices); receiveworkout sensor data; calibrate sensors used to monitor a workout; selectand play music for a workout; and display, store, and transmit workoutdata.

In conjunction with touch screen 112, display controller 156, opticalsensor(s) 164, optical sensor controller 158, contact/motion module 130,graphics module 132, and image management module 144, camera module 143includes executable instructions to capture still images or video(including a video stream) and store them into memory 102, modifycharacteristics of a still image or video, or delete a still image orvideo from memory 102.

In conjunction with touch screen 112, display controller 156,contact/motion module 130, graphics module 132, text input module 134,and camera module 143, image management module 144 includes executableinstructions to arrange, modify (e.g., edit), or otherwise manipulate,label, delete, present (e.g., in a digital slide show or album), andstore still and/or video images.

In conjunction with RF circuitry 108, touch screen 112, displaycontroller 156, contact/motion module 130, graphics module 132, and textinput module 134, browser module 147 includes executable instructions tobrowse the Internet in accordance with user instructions, includingsearching, linking to, receiving, and displaying web pages or portionsthereof, as well as attachments and other files linked to web pages.

In conjunction with RF circuitry 108, touch screen 112, displaycontroller 156, contact/motion module 130, graphics module 132, textinput module 134, e-mail client module 140, and browser module 147,calendar module 148 includes executable instructions to create, display,modify, and store calendars and data associated with calendars (e.g.,calendar entries, to-do lists, etc.) in accordance with userinstructions.

In conjunction with RF circuitry 108, touch screen 112, displaycontroller 156, contact/motion module 130, graphics module 132, textinput module 134, and browser module 147, widget modules 149 aremini-applications that are, optionally, downloaded and used by a user(e.g., weather widget 149-1, stocks widget 149-2, calculator widget149-3, alarm clock widget 149-4, and dictionary widget 149-5) or createdby the user (e.g., user-created widget 149-6). In some embodiments, awidget includes an HTML (Hypertext Markup Language) file, a CSS(Cascading Style Sheets) file, and a JavaScript file. In someembodiments, a widget includes an XML (Extensible Markup Language) fileand a JavaScript file (e.g., Yahoo! Widgets).

In conjunction with RF circuitry 108, touch screen 112, displaycontroller 156, contact/motion module 130, graphics module 132, textinput module 134, and browser module 147, the widget creator module 150are, optionally, used by a user to create widgets (e.g., turning auser-specified portion of a web page into a widget).

In conjunction with touch screen 112, display controller 156,contact/motion module 130, graphics module 132, and text input module134, search module 151 includes executable instructions to search fortext, music, sound, image, video, and/or other files in memory 102 thatmatch one or more search criteria (e.g., one or more user-specifiedsearch terms) in accordance with user instructions.

In conjunction with touch screen 112, display controller 156,contact/motion module 130, graphics module 132, audio circuitry 110,speaker 111, RF circuitry 108, and browser module 147, video and musicplayer module 152 includes executable instructions that allow the userto download and play back recorded music and other sound files stored inone or more file formats, such as MP3 or AAC files, and executableinstructions to display, present, or otherwise play back videos (e.g.,on touch screen 112 or on an external, connected display via externalport 124). In some embodiments, device 100 optionally includes thefunctionality of an MP3 player, such as an iPod (trademark of AppleInc.).

In conjunction with touch screen 112, display controller 156,contact/motion module 130, graphics module 132, and text input module134, notes module 153 includes executable instructions to create andmanage notes, to-do lists, and the like in accordance with userinstructions.

In conjunction with RF circuitry 108, touch screen 112, displaycontroller 156, contact/motion module 130, graphics module 132, textinput module 134, GPS module 135, and browser module 147, map module 154are, optionally, used to receive, display, modify, and store maps anddata associated with maps (e.g., driving directions, data on stores andother points of interest at or near a particular location, and otherlocation-based data) in accordance with user instructions.

In conjunction with touch screen 112, display controller 156,contact/motion module 130, graphics module 132, audio circuitry 110,speaker 111, RF circuitry 108, text input module 134, e-mail clientmodule 140, and browser module 147, online video module 155 includesinstructions that allow the user to access, browse, receive (e.g., bystreaming and/or download), play back (e.g., on the touch screen or onan external, connected display via external port 124), send an e-mailwith a link to a particular online video, and otherwise manage onlinevideos in one or more file formats, such as H.264. In some embodiments,instant messaging module 141, rather than e-mail client module 140, isused to send a link to a particular online video. Additional descriptionof the online video application can be found in U.S. Provisional PatentApplication No. 60/936,562, “Portable Multifunction Device, Method, andGraphical User Interface for Playing Online Videos,” filed Jun. 20,2007, and U.S. patent application Ser. No. 11/968,067, “PortableMultifunction Device, Method, and Graphical User Interface for PlayingOnline Videos,” filed Dec. 31, 2007, the contents of which are herebyincorporated by reference in their entirety.

Each of the above-identified modules and applications corresponds to aset of executable instructions for performing one or more functionsdescribed above and the methods described in this application (e.g., thecomputer-implemented methods and other information processing methodsdescribed herein). These modules (e.g., sets of instructions) need notbe implemented as separate software programs, procedures, or modules,and thus various subsets of these modules are, optionally, combined orotherwise rearranged in various embodiments. For example, video playermodule is, optionally, combined with music player module into a singlemodule (e.g., video and music player module 152, FIG. 1A). In someembodiments, memory 102 optionally stores a subset of the modules anddata structures identified above. Furthermore, memory 102 optionallystores additional modules and data structures not described above.

In some embodiments, device 100 is a device where operation of apredefined set of functions on the device is performed exclusivelythrough a touch screen and/or a touchpad. By using a touch screen and/ora touchpad as the primary input control device for operation of device100, the number of physical input control devices (such as push buttons,dials, and the like) on device 100 is, optionally, reduced.

The predefined set of functions that are performed exclusively through atouch screen and/or a touchpad optionally include navigation betweenuser interfaces. In some embodiments, the touchpad, when touched by theuser, navigates device 100 to a main, home, or root menu from any userinterface that is displayed on device 100. In such embodiments, a “menubutton” is implemented using a touchpad. In some other embodiments, themenu button is a physical push button or other physical input controldevice instead of a touchpad.

FIG. 1B is a block diagram illustrating exemplary components for eventhandling in accordance with some embodiments. In some embodiments,memory 102 (FIG. 1A) or 370 (FIG. 3) includes event sorter 170 (e.g., inoperating system 126) and a respective application 136-1 (e.g., any ofthe aforementioned applications 137-151, 155, 380-390).

Event sorter 170 receives event information and determines theapplication 136-1 and application view 191 of application 136-1 to whichto deliver the event information. Event sorter 170 includes eventmonitor 171 and event dispatcher module 174. In some embodiments,application 136-1 includes application internal state 192, whichindicates the current application view(s) displayed on touch-sensitivedisplay 112 when the application is active or executing. In someembodiments, device/global internal state 157 is used by event sorter170 to determine which application(s) is (are) currently active, andapplication internal state 192 is used by event sorter 170 to determineapplication views 191 to which to deliver event information.

In some embodiments, application internal state 192 includes additionalinformation, such as one or more of: resume information to be used whenapplication 136-1 resumes execution, user interface state informationthat indicates information being displayed or that is ready for displayby application 136-1, a state queue for enabling the user to go back toa prior state or view of application 136-1, and a redo/undo queue ofprevious actions taken by the user.

Event monitor 171 receives event information from peripherals interface118. Event information includes information about a sub-event (e.g., auser touch on touch-sensitive display 112, as part of a multi-touchgesture). Peripherals interface 118 transmits information it receivesfrom I/O subsystem 106 or a sensor, such as proximity sensor 166,accelerometer(s) 168, and/or microphone 113 (through audio circuitry110). Information that peripherals interface 118 receives from I/Osubsystem 106 includes information from touch-sensitive display 112 or atouch-sensitive surface.

In some embodiments, event monitor 171 sends requests to the peripheralsinterface 118 at predetermined intervals. In response, peripheralsinterface 118 transmits event information. In other embodiments,peripherals interface 118 transmits event information only when there isa significant event (e.g., receiving an input above a predeterminednoise threshold and/or for more than a predetermined duration).

In some embodiments, event sorter 170 also includes a hit viewdetermination module 172 and/or an active event recognizer determinationmodule 173.

Hit view determination module 172 provides software procedures fordetermining where a sub-event has taken place within one or more viewswhen touch-sensitive display 112 displays more than one view. Views aremade up of controls and other elements that a user can see on thedisplay.

Another aspect of the user interface associated with an application is aset of views, sometimes herein called application views or userinterface windows, in which information is displayed and touch-basedgestures occur. The application views (of a respective application) inwhich a touch is detected optionally correspond to programmatic levelswithin a programmatic or view hierarchy of the application. For example,the lowest level view in which a touch is detected is, optionally,called the hit view, and the set of events that are recognized as properinputs are, optionally, determined based, at least in part, on the hitview of the initial touch that begins a touch-based gesture.

Hit view determination module 172 receives information related tosub-events of a touch-based gesture. When an application has multipleviews organized in a hierarchy, hit view determination module 172identifies a hit view as the lowest view in the hierarchy which shouldhandle the sub-event. In most circumstances, the hit view is the lowestlevel view in which an initiating sub-event occurs (e.g., the firstsub-event in the sequence of sub-events that form an event or potentialevent). Once the hit view is identified by the hit view determinationmodule 172, the hit view typically receives all sub-events related tothe same touch or input source for which it was identified as the hitview.

Active event recognizer determination module 173 determines which viewor views within a view hierarchy should receive a particular sequence ofsub-events. In some embodiments, active event recognizer determinationmodule 173 determines that only the hit view should receive a particularsequence of sub-events. In other embodiments, active event recognizerdetermination module 173 determines that all views that include thephysical location of a sub-event are actively involved views, andtherefore determines that all actively involved views should receive aparticular sequence of sub-events. In other embodiments, even if touchsub-events were entirely confined to the area associated with oneparticular view, views higher in the hierarchy would still remain asactively involved views.

Event dispatcher module 174 dispatches the event information to an eventrecognizer (e.g., event recognizer 180). In embodiments including activeevent recognizer determination module 173, event dispatcher module 174delivers the event information to an event recognizer determined byactive event recognizer determination module 173. In some embodiments,event dispatcher module 174 stores in an event queue the eventinformation, which is retrieved by a respective event receiver 182.

In some embodiments, operating system 126 includes event sorter 170.Alternatively, application 136-1 includes event sorter 170. In yet otherembodiments, event sorter 170 is a stand-alone module, or a part ofanother module stored in memory 102, such as contact/motion module 130.

In some embodiments, application 136-1 includes a plurality of eventhandlers 190 and one or more application views 191, each of whichincludes instructions for handling touch events that occur within arespective view of the application's user interface. Each applicationview 191 of the application 136-1 includes one or more event recognizers180. Typically, a respective application view 191 includes a pluralityof event recognizers 180. In other embodiments, one or more of eventrecognizers 180 are part of a separate module, such as a user interfacekit (not shown) or a higher level object from which application 136-1inherits methods and other properties. In some embodiments, a respectiveevent handler 190 includes one or more of: data updater 176, objectupdater 177, GUI updater 178, and/or event data 179 received from eventsorter 170. Event handler 190 optionally utilizes or calls data updater176, object updater 177, or GUI updater 178 to update the applicationinternal state 192. Alternatively, one or more of the application views191 include one or more respective event handlers 190. Also, in someembodiments, one or more of data updater 176, object updater 177, andGUI updater 178 are included in a respective application view 191.

A respective event recognizer 180 receives event information (e.g.,event data 179) from event sorter 170 and identifies an event from theevent information. Event recognizer 180 includes event receiver 182 andevent comparator 184. In some embodiments, event recognizer 180 alsoincludes at least a subset of: metadata 183, and event deliveryinstructions 188 (which optionally include sub-event deliveryinstructions).

Event receiver 182 receives event information from event sorter 170. Theevent information includes information about a sub-event, for example, atouch or a touch movement. Depending on the sub-event, the eventinformation also includes additional information, such as location ofthe sub-event. When the sub-event concerns motion of a touch, the eventinformation optionally also includes speed and direction of thesub-event. In some embodiments, events include rotation of the devicefrom one orientation to another (e.g., from a portrait orientation to alandscape orientation, or vice versa), and the event informationincludes corresponding information about the current orientation (alsocalled device attitude) of the device.

Event comparator 184 compares the event information to predefined eventor sub-event definitions and, based on the comparison, determines anevent or sub-event, or determines or updates the state of an event orsub-event. In some embodiments, event comparator 184 includes eventdefinitions 186. Event definitions 186 contain definitions of events(e.g., predefined sequences of sub-events), for example, event 1(187-1), event 2 (187-2), and others. In some embodiments, sub-events inan event (187) include, for example, touch begin, touch end, touchmovement, touch cancellation, and multiple touching. In one example, thedefinition for event 1 (187-1) is a double tap on a displayed object.The double tap, for example, comprises a first touch (touch begin) onthe displayed object for a predetermined phase, a first liftoff (touchend) for a predetermined phase, a second touch (touch begin) on thedisplayed object for a predetermined phase, and a second liftoff (touchend) for a predetermined phase. In another example, the definition forevent 2 (187-2) is a dragging on a displayed object. The dragging, forexample, comprises a touch (or contact) on the displayed object for apredetermined phase, a movement of the touch across touch-sensitivedisplay 112, and liftoff of the touch (touch end). In some embodiments,the event also includes information for one or more associated eventhandlers 190.

In some embodiments, event definition 187 includes a definition of anevent for a respective user-interface object. In some embodiments, eventcomparator 184 performs a hit test to determine which user-interfaceobject is associated with a sub-event. For example, in an applicationview in which three user-interface objects are displayed ontouch-sensitive display 112, when a touch is detected on touch-sensitivedisplay 112, event comparator 184 performs a hit test to determine whichof the three user-interface objects is associated with the touch(sub-event). If each displayed object is associated with a respectiveevent handler 190, the event comparator uses the result of the hit testto determine which event handler 190 should be activated. For example,event comparator 184 selects an event handler associated with thesub-event and the object triggering the hit test.

In some embodiments, the definition for a respective event (187) alsoincludes delayed actions that delay delivery of the event informationuntil after it has been determined whether the sequence of sub-eventsdoes or does not correspond to the event recognizer's event type.

When a respective event recognizer 180 determines that the series ofsub-events do not match any of the events in event definitions 186, therespective event recognizer 180 enters an event impossible, eventfailed, or event ended state, after which it disregards subsequentsub-events of the touch-based gesture. In this situation, other eventrecognizers, if any, that remain active for the hit view continue totrack and process sub-events of an ongoing touch-based gesture.

In some embodiments, a respective event recognizer 180 includes metadata183 with configurable properties, flags, and/or lists that indicate howthe event delivery system should perform sub-event delivery to activelyinvolved event recognizers. In some embodiments, metadata 183 includesconfigurable properties, flags, and/or lists that indicate how eventrecognizers interact, or are enabled to interact, with one another. Insome embodiments, metadata 183 includes configurable properties, flags,and/or lists that indicate whether sub-events are delivered to varyinglevels in the view or programmatic hierarchy.

In some embodiments, a respective event recognizer 180 activates eventhandler 190 associated with an event when one or more particularsub-events of an event are recognized. In some embodiments, a respectiveevent recognizer 180 delivers event information associated with theevent to event handler 190. Activating an event handler 190 is distinctfrom sending (and deferred sending) sub-events to a respective hit view.In some embodiments, event recognizer 180 throws a flag associated withthe recognized event, and event handler 190 associated with the flagcatches the flag and performs a predefined process.

In some embodiments, event delivery instructions 188 include sub-eventdelivery instructions that deliver event information about a sub-eventwithout activating an event handler. Instead, the sub-event deliveryinstructions deliver event information to event handlers associated withthe series of sub-events or to actively involved views. Event handlersassociated with the series of sub-events or with actively involved viewsreceive the event information and perform a predetermined process.

In some embodiments, data updater 176 creates and updates data used inapplication 136-1. For example, data updater 176 updates the telephonenumber used in contacts module 137, or stores a video file used in videoplayer module. In some embodiments, object updater 177 creates andupdates objects used in application 136-1. For example, object updater177 creates a new user-interface object or updates the position of auser-interface object. GUI updater 178 updates the GUI. For example, GUIupdater 178 prepares display information and sends it to graphics module132 for display on a touch-sensitive display.

In some embodiments, event handler(s) 190 includes or has access to dataupdater 176, object updater 177, and GUI updater 178. In someembodiments, data updater 176, object updater 177, and GUI updater 178are included in a single module of a respective application 136-1 orapplication view 191. In other embodiments, they are included in two ormore software modules.

It shall be understood that the foregoing discussion regarding eventhandling of user touches on touch-sensitive displays also applies toother forms of user inputs to operate multifunction devices 100 withinput devices, not all of which are initiated on touch screens. Forexample, mouse movement and mouse button presses, optionally coordinatedwith single or multiple keyboard presses or holds; contact movementssuch as taps, drags, scrolls, etc. on touchpads; pen stylus inputs;movement of the device; oral instructions; detected eye movements;biometric inputs; and/or any combination thereof are optionally utilizedas inputs corresponding to sub-events which define an event to berecognized.

FIG. 2 illustrates a portable multifunction device 100 having a touchscreen 112 in accordance with some embodiments. The touch screenoptionally displays one or more graphics within user interface (UI) 200.In this embodiment, as well as others described below, a user is enabledto select one or more of the graphics by making a gesture on thegraphics, for example, with one or more fingers 202 (not drawn to scalein the figure) or one or more styluses 203 (not drawn to scale in thefigure). In some embodiments, selection of one or more graphics occurswhen the user breaks contact with the one or more graphics. In someembodiments, the gesture optionally includes one or more taps, one ormore swipes (from left to right, right to left, upward and/or downward),and/or a rolling of a finger (from right to left, left to right, upwardand/or downward) that has made contact with device 100. In someimplementations or circumstances, inadvertent contact with a graphicdoes not select the graphic. For example, a swipe gesture that sweepsover an application icon optionally does not select the correspondingapplication when the gesture corresponding to selection is a tap.

Device 100 optionally also include one or more physical buttons, such as“home” or menu button 204. As described previously, menu button 204 is,optionally, used to navigate to any application 136 in a set ofapplications that are, optionally, executed on device 100.Alternatively, in some embodiments, the menu button is implemented as asoft key in a GUI displayed on touch screen 112.

In some embodiments, device 100 includes touch screen 112, menu button204, push button 206 for powering the device on/off and locking thedevice, volume adjustment button(s) 208, subscriber identity module(SIM) card slot 210, headset jack 212, and docking/charging externalport 124. Push button 206 is, optionally, used to turn the power on/offon the device by depressing the button and holding the button in thedepressed state for a predefined time interval; to lock the device bydepressing the button and releasing the button before the predefinedtime interval has elapsed; and/or to unlock the device or initiate anunlock process. In an alternative embodiment, device 100 also acceptsverbal input for activation or deactivation of some functions throughmicrophone 113. Device 100 also, optionally, includes one or morecontact intensity sensors 165 for detecting intensity of contacts ontouch screen 112 and/or one or more tactile output generators 167 forgenerating tactile outputs for a user of device 100.

FIG. 3 is a block diagram of an exemplary multifunction device with adisplay and a touch-sensitive surface in accordance with someembodiments. Device 300 need not be portable. In some embodiments,device 300 is a laptop computer, a desktop computer, a tablet computer,a multimedia player device, a navigation device, an educational device(such as a child's learning toy), a gaming system, or a control device(e.g., a home or industrial controller). Device 300 typically includesone or more processing units (CPUs) 310, one or more network or othercommunications interfaces 360, memory 370, and one or more communicationbuses 320 for interconnecting these components. Communication buses 320optionally include circuitry (sometimes called a chipset) thatinterconnects and controls communications between system components.Device 300 includes input/output (I/O) interface 330 comprising display340, which is typically a touch screen display. I/O interface 330 alsooptionally includes a keyboard and/or mouse (or other pointing device)350 and touchpad 355, tactile output generator 357 for generatingtactile outputs on device 300 (e.g., similar to tactile outputgenerator(s) 167 described above with reference to FIG. 1A), sensors 359(e.g., optical, acceleration, proximity, touch-sensitive, and/or contactintensity sensors similar to contact intensity sensor(s) 165 describedabove with reference to FIG. 1A). Memory 370 includes high-speed randomaccess memory, such as DRAM, SRAM, DDR RAM, or other random access solidstate memory devices; and optionally includes non-volatile memory, suchas one or more magnetic disk storage devices, optical disk storagedevices, flash memory devices, or other non-volatile solid state storagedevices. Memory 370 optionally includes one or more storage devicesremotely located from CPU(s) 310. In some embodiments, memory 370 storesprograms, modules, and data structures analogous to the programs,modules, and data structures stored in memory 102 of portablemultifunction device 100 (FIG. 1A), or a subset thereof. Furthermore,memory 370 optionally stores additional programs, modules, and datastructures not present in memory 102 of portable multifunction device100. For example, memory 370 of device 300 optionally stores drawingmodule 380, presentation module 382, word processing module 384, websitecreation module 386, disk authoring module 388, and/or spreadsheetmodule 390, while memory 102 of portable multifunction device 100 (FIG.1A) optionally does not store these modules.

Each of the above-identified elements in FIG. 3 is, optionally, storedin one or more of the previously mentioned memory devices. Each of theabove-identified modules corresponds to a set of instructions forperforming a function described above. The above-identified modules orprograms (e.g., sets of instructions) need not be implemented asseparate software programs, procedures, or modules, and thus varioussubsets of these modules are, optionally, combined or otherwiserearranged in various embodiments. In some embodiments, memory 370optionally stores a subset of the modules and data structures identifiedabove. Furthermore, memory 370 optionally stores additional modules anddata structures not described above.

Attention is now directed towards embodiments of user interfaces thatare, optionally, implemented on, for example, portable multifunctiondevice 100.

FIG. 4A illustrates an exemplary user interface for a menu ofapplications on portable multifunction device 100 in accordance withsome embodiments. Similar user interfaces are, optionally, implementedon device 300. In some embodiments, user interface 400 includes thefollowing elements, or a subset or superset thereof:

-   -   Signal strength indicator(s) 402 for wireless communication(s),        such as cellular and Wi-Fi signals;    -   Time 404;    -   Bluetooth indicator 405;    -   Battery status indicator 406;    -   Tray 408 with icons for frequently used applications, such as:        -   Icon 416 for telephone module 138, labeled “Phone,” which            optionally includes an indicator 414 of the number of missed            calls or voicemail messages;        -   Icon 418 for e-mail client module 140, labeled “Mail,” which            optionally includes an indicator 410 of the number of unread            e-mails;        -   Icon 420 for browser module 147, labeled “Browser;” and        -   Icon 422 for video and music player module 152, also            referred to as iPod (trademark of Apple Inc.) module 152,            labeled “iPod;” and    -   Icons for other applications, such as:        -   Icon 424 for IM module 141, labeled “Messages;”        -   Icon 426 for calendar module 148, labeled “Calendar;”        -   Icon 428 for image management module 144, labeled “Photos;”        -   Icon 430 for camera module 143, labeled “Camera;”        -   Icon 432 for online video module 155, labeled “Online            Video;”        -   Icon 434 for stocks widget 149-2, labeled “Stocks;”        -   Icon 436 for map module 154, labeled “Maps;”        -   Icon 438 for weather widget 149-1, labeled “Weather;”        -   Icon 440 for alarm clock widget 149-4, labeled “Clock;”        -   Icon 442 for workout support module 142, labeled “Workout            Support;”        -   Icon 444 for notes module 153, labeled “Notes;” and        -   Icon 446 for a settings application or module, labeled            “Settings,” which provides access to settings for device 100            and its various applications 136.

It should be noted that the icon labels illustrated in FIG. 4A aremerely exemplary. For example, icon 422 for video and music playermodule 152 is labeled “Music” or “Music Player.” Other labels are,optionally, used for various application icons. In some embodiments, alabel for a respective application icon includes a name of anapplication corresponding to the respective application icon. In someembodiments, a label for a particular application icon is distinct froma name of an application corresponding to the particular applicationicon.

FIG. 4B illustrates an exemplary user interface on a device (e.g.,device 300, FIG. 3) with a touch-sensitive surface 451 (e.g., a tabletor touchpad 355, FIG. 3) that is separate from the display 450 (e.g.,touch screen display 112). Device 300 also, optionally, includes one ormore contact intensity sensors (e.g., one or more of sensors 359) fordetecting intensity of contacts on touch-sensitive surface 451 and/orone or more tactile output generators 357 for generating tactile outputsfor a user of device 300.

Although some of the examples that follow will be given with referenceto inputs on touch screen display 112 (where the touch-sensitive surfaceand the display are combined), in some embodiments, the device detectsinputs on a touch-sensitive surface that is separate from the display,as shown in FIG. 4B. In some embodiments, the touch-sensitive surface(e.g., 451 in FIG. 4B) has a primary axis (e.g., 452 in FIG. 4B) thatcorresponds to a primary axis (e.g., 453 in FIG. 4B) on the display(e.g., 450). In accordance with these embodiments, the device detectscontacts (e.g., 460 and 462 in FIG. 4B) with the touch-sensitive surface451 at locations that correspond to respective locations on the display(e.g., in FIG. 4B, 460 corresponds to 468 and 462 corresponds to 470).In this way, user inputs (e.g., contacts 460 and 462, and movementsthereof) detected by the device on the touch-sensitive surface (e.g.,451 in FIG. 4B) are used by the device to manipulate the user interfaceon the display (e.g., 450 in FIG. 4B) of the multifunction device whenthe touch-sensitive surface is separate from the display. It should beunderstood that similar methods are, optionally, used for other userinterfaces described herein.

Additionally, while the following examples are given primarily withreference to finger inputs (e.g., finger contacts, finger tap gestures,finger swipe gestures), it should be understood that, in someembodiments, one or more of the finger inputs are replaced with inputfrom another input device (e.g., a mouse-based input or stylus input).For example, a swipe gesture is, optionally, replaced with a mouse click(e.g., instead of a contact) followed by movement of the cursor alongthe path of the swipe (e.g., instead of movement of the contact). Asanother example, a tap gesture is, optionally, replaced with a mouseclick while the cursor is located over the location of the tap gesture(e.g., instead of detection of the contact followed by ceasing to detectthe contact). Similarly, when multiple user inputs are simultaneouslydetected, it should be understood that multiple computer mice are,optionally, used simultaneously, or a mouse and finger contacts are,optionally, used simultaneously.

FIG. 5A illustrates exemplary personal electronic device 500. Device 500includes body 502. In some embodiments, device 500 can include some orall of the features described with respect to devices 100 and 300 (e.g.,FIGS. 1A-4B). In some embodiments, device 500 has touch-sensitivedisplay screen 504, hereafter touch screen 504. Alternatively, or inaddition to touch screen 504, device 500 has a display and atouch-sensitive surface. As with devices 100 and 300, in someembodiments, touch screen 504 (or the touch-sensitive surface)optionally includes one or more intensity sensors for detectingintensity of contacts (e.g., touches) being applied. The one or moreintensity sensors of touch screen 504 (or the touch-sensitive surface)can provide output data that represents the intensity of touches. Theuser interface of device 500 can respond to touches based on theirintensity, meaning that touches of different intensities can invokedifferent user interface operations on device 500.

Exemplary techniques for detecting and processing touch intensity arefound, for example, in related applications: International PatentApplication Serial No. PCT/US2013/040061, titled “Device, Method, andGraphical User Interface for Displaying User Interface ObjectsCorresponding to an Application,” filed May 8, 2013, published as WIPOPublication No. WO/2013/169849, and International Patent ApplicationSerial No. PCT/US2013/069483, titled “Device, Method, and Graphical UserInterface for Transitioning Between Touch Input to Display OutputRelationships,” filed Nov. 11, 2013, published as WIPO Publication No.WO/2014/105276, each of which is hereby incorporated by reference intheir entirety.

In some embodiments, device 500 has one or more input mechanisms 506 and508. Input mechanisms 506 and 508, if included, can be physical.Examples of physical input mechanisms include push buttons and rotatablemechanisms. In some embodiments, device 500 has one or more attachmentmechanisms. Such attachment mechanisms, if included, can permitattachment of device 500 with, for example, hats, eyewear, earrings,necklaces, shirts, jackets, bracelets, watch straps, chains, trousers,belts, shoes, purses, backpacks, and so forth. These attachmentmechanisms permit device 500 to be worn by a user.

FIG. 5B depicts exemplary personal electronic device 500. In someembodiments, device 500 can include some or all of the componentsdescribed with respect to FIGS. 1A, 1B, and 3. Device 500 has bus 512that operatively couples I/O section 514 with one or more computerprocessors 516 and memory 518. I/O section 514 can be connected todisplay 504, which can have touch-sensitive component 522 and,optionally, intensity sensor 524 (e.g., contact intensity sensor). Inaddition, I/O section 514 can be connected with communication unit 530for receiving application and operating system data, using Wi-Fi,Bluetooth, near field communication (NFC), cellular, and/or otherwireless communication techniques. Device 500 can include inputmechanisms 506 and/or 508. Input mechanism 506 is, optionally, arotatable input device or a depressible and rotatable input device, forexample. Input mechanism 508 is, optionally, a button, in some examples.

Input mechanism 508 is, optionally, a microphone, in some examples.Personal electronic device 500 optionally includes various sensors, suchas GPS sensor 532, accelerometer 534, directional sensor 540 (e.g.,compass), gyroscope 536, motion sensor 538, and/or a combinationthereof, all of which can be operatively connected to I/O section 514.

Memory 518 of personal electronic device 500 can include one or morenon-transitory computer-readable storage mediums, for storingcomputer-executable instructions, which, when executed by one or morecomputer processors 516, for example, can cause the computer processorsto perform the techniques described below, including processes 900-1100(FIGS. 9-11). Personal electronic device 500 is not limited to thecomponents and configuration of FIG. 5B, but can include other oradditional components in multiple configurations.

As used here, the term “affordance” refers to a user-interactivegraphical user interface object that is, optionally, displayed on thedisplay screen of devices 100, 300, and/or 500 (FIGS. 1A-B, 3, and5A-H). For example, an image (e.g., icon), a button, and text (e.g.,hyperlink) each optionally constitute an affordance.

As used herein, the term “focus selector” refers to an input elementthat indicates a current part of a user interface with which a user isinteracting. In some implementations that include a cursor or otherlocation marker, the cursor acts as a “focus selector” so that when aninput (e.g., a press input) is detected on a touch-sensitive surface(e.g., touchpad 355 in FIG. 3 or touch-sensitive surface 451 in FIG. 4B)while the cursor is over a particular user interface element (e.g., abutton, window, slider, or other user interface element), the particularuser interface element is adjusted in accordance with the detectedinput. In some implementations that include a touch screen display(e.g., touch-sensitive display system 112 in FIG. 1A or touch screen 112in FIG. 4A) that enables direct interaction with user interface elementson the touch screen display, a detected contact on the touch screen actsas a “focus selector” so that when an input (e.g., a press input by thecontact) is detected on the touch screen display at a location of aparticular user interface element (e.g., a button, window, slider, orother user interface element), the particular user interface element isadjusted in accordance with the detected input. In some implementations,focus is moved from one region of a user interface to another region ofthe user interface without corresponding movement of a cursor ormovement of a contact on a touch screen display (e.g., by using a tabkey or arrow keys to move focus from one button to another button); inthese implementations, the focus selector moves in accordance withmovement of focus between different regions of the user interface.Without regard to the specific form taken by the focus selector, thefocus selector is generally the user interface element (or contact on atouch screen display) that is controlled by the user so as tocommunicate the user's intended interaction with the user interface(e.g., by indicating, to the device, the element of the user interfacewith which the user is intending to interact). For example, the locationof a focus selector (e.g., a cursor, a contact, or a selection box) overa respective button while a press input is detected on thetouch-sensitive surface (e.g., a touchpad or touch screen) will indicatethat the user is intending to activate the respective button (as opposedto other user interface elements shown on a display of the device).

As used in the specification and claims, the term “characteristicintensity” of a contact refers to a characteristic of the contact basedon one or more intensities of the contact. In some embodiments, thecharacteristic intensity is based on multiple intensity samples. Thecharacteristic intensity is, optionally, based on a predefined number ofintensity samples, or a set of intensity samples collected during apredetermined time period (e.g., 0.05, 0.1, 0.2, 0.5, 1, 2, 5, 10seconds) relative to a predefined event (e.g., after detecting thecontact, prior to detecting liftoff of the contact, before or afterdetecting a start of movement of the contact, prior to detecting an endof the contact, before or after detecting an increase in intensity ofthe contact, and/or before or after detecting a decrease in intensity ofthe contact). A characteristic intensity of a contact is, optionally,based on one or more of: a maximum value of the intensities of thecontact, a mean value of the intensities of the contact, an averagevalue of the intensities of the contact, a top 10 percentile value ofthe intensities of the contact, a value at the half maximum of theintensities of the contact, a value at the 90 percent maximum of theintensities of the contact, or the like. In some embodiments, theduration of the contact is used in determining the characteristicintensity (e.g., when the characteristic intensity is an average of theintensity of the contact over time). In some embodiments, thecharacteristic intensity is compared to a set of one or more intensitythresholds to determine whether an operation has been performed by auser. For example, the set of one or more intensity thresholdsoptionally includes a first intensity threshold and a second intensitythreshold. In this example, a contact with a characteristic intensitythat does not exceed the first threshold results in a first operation, acontact with a characteristic intensity that exceeds the first intensitythreshold and does not exceed the second intensity threshold results ina second operation, and a contact with a characteristic intensity thatexceeds the second threshold results in a third operation. In someembodiments, a comparison between the characteristic intensity and oneor more thresholds is used to determine whether or not to perform one ormore operations (e.g., whether to perform a respective operation orforgo performing the respective operation), rather than being used todetermine whether to perform a first operation or a second operation.

FIG. 5C illustrates detecting a plurality of contacts 552A-552E ontouch-sensitive display screen 504 with a plurality of intensity sensors524A-524D. FIG. 5C additionally includes intensity diagrams that showthe current intensity measurements of the intensity sensors 524A-524Drelative to units of intensity. In this example, the intensitymeasurements of intensity sensors 524A and 524D are each 9 units ofintensity, and the intensity measurements of intensity sensors 524B and524C are each 7 units of intensity. In some implementations, anaggregate intensity is the sum of the intensity measurements of theplurality of intensity sensors 524A-524D, which in this example is 32intensity units. In some embodiments, each contact is assigned arespective intensity that is a portion of the aggregate intensity. FIG.5D illustrates assigning the aggregate intensity to contacts 552A-552Ebased on their distance from the center of force 554. In this example,each of contacts 552A, 552B, and 552E are assigned an intensity ofcontact of 8 intensity units of the aggregate intensity, and each ofcontacts 552C and 552D are assigned an intensity of contact of 4intensity units of the aggregate intensity. More generally, in someimplementations, each contact j is assigned a respective intensity Ijthat is a portion of the aggregate intensity, A, in accordance with apredefined mathematical function, Ij=A·(Dj/ΣDi), where Dj is thedistance of the respective contact j to the center of force, and ΣDi isthe sum of the distances of all the respective contacts (e.g., i=1 tolast) to the center of force. The operations described with reference toFIGS. 5C-5D can be performed using an electronic device similar oridentical to device 100, 300, or 500. In some embodiments, acharacteristic intensity of a contact is based on one or moreintensities of the contact. In some embodiments, the intensity sensorsare used to determine a single characteristic intensity (e.g., a singlecharacteristic intensity of a single contact). It should be noted thatthe intensity diagrams are not part of a displayed user interface, butare included in FIGS. 5C-5D to aid the reader.

In some embodiments, a portion of a gesture is identified for purposesof determining a characteristic intensity. For example, atouch-sensitive surface optionally receives a continuous swipe contacttransitioning from a start location and reaching an end location, atwhich point the intensity of the contact increases. In this example, thecharacteristic intensity of the contact at the end location is,optionally, based on only a portion of the continuous swipe contact, andnot the entire swipe contact (e.g., only the portion of the swipecontact at the end location). In some embodiments, a smoothing algorithmis, optionally, applied to the intensities of the swipe contact prior todetermining the characteristic intensity of the contact. For example,the smoothing algorithm optionally includes one or more of: anunweighted sliding-average smoothing algorithm, a triangular smoothingalgorithm, a median filter smoothing algorithm, and/or an exponentialsmoothing algorithm. In some circumstances, these smoothing algorithmseliminate narrow spikes or dips in the intensities of the swipe contactfor purposes of determining a characteristic intensity.

The intensity of a contact on the touch-sensitive surface is,optionally, characterized relative to one or more intensity thresholds,such as a contact-detection intensity threshold, a light press intensitythreshold, a deep press intensity threshold, and/or one or more otherintensity thresholds. In some embodiments, the light press intensitythreshold corresponds to an intensity at which the device will performoperations typically associated with clicking a button of a physicalmouse or a trackpad. In some embodiments, the deep press intensitythreshold corresponds to an intensity at which the device will performoperations that are different from operations typically associated withclicking a button of a physical mouse or a trackpad. In someembodiments, when a contact is detected with a characteristic intensitybelow the light press intensity threshold (e.g., and above a nominalcontact-detection intensity threshold below which the contact is nolonger detected), the device will move a focus selector in accordancewith movement of the contact on the touch-sensitive surface withoutperforming an operation associated with the light press intensitythreshold or the deep press intensity threshold. Generally, unlessotherwise stated, these intensity thresholds are consistent betweendifferent sets of user interface figures.

An increase of characteristic intensity of the contact from an intensitybelow the light press intensity threshold to an intensity between thelight press intensity threshold and the deep press intensity thresholdis sometimes referred to as a “light press” input. An increase ofcharacteristic intensity of the contact from an intensity below the deeppress intensity threshold to an intensity above the deep press intensitythreshold is sometimes referred to as a “deep press” input. An increaseof characteristic intensity of the contact from an intensity below thecontact-detection intensity threshold to an intensity between thecontact-detection intensity threshold and the light press intensitythreshold is sometimes referred to as detecting the contact on thetouch-surface. A decrease of characteristic intensity of the contactfrom an intensity above the contact-detection intensity threshold to anintensity below the contact-detection intensity threshold is sometimesreferred to as detecting liftoff of the contact from the touch-surface.In some embodiments, the contact-detection intensity threshold is zero.In some embodiments, the contact-detection intensity threshold isgreater than zero.

In some embodiments described herein, one or more operations areperformed in response to detecting a gesture that includes a respectivepress input or in response to detecting the respective press inputperformed with a respective contact (or a plurality of contacts), wherethe respective press input is detected based at least in part ondetecting an increase in intensity of the contact (or plurality ofcontacts) above a press-input intensity threshold. In some embodiments,the respective operation is performed in response to detecting theincrease in intensity of the respective contact above the press-inputintensity threshold (e.g., a “down stroke” of the respective pressinput). In some embodiments, the press input includes an increase inintensity of the respective contact above the press-input intensitythreshold and a subsequent decrease in intensity of the contact belowthe press-input intensity threshold, and the respective operation isperformed in response to detecting the subsequent decrease in intensityof the respective contact below the press-input threshold (e.g., an “upstroke” of the respective press input).

FIGS. 5E-5H illustrate detection of a gesture that includes a pressinput that corresponds to an increase in intensity of a contact 562 froman intensity below a light press intensity threshold (e.g., “IT_(L)”) inFIG. 5E, to an intensity above a deep press intensity threshold (e.g.,“IT_(D)”) in FIG. 5H. The gesture performed with contact 562 is detectedon touch-sensitive surface 560 while cursor 576 is displayed overapplication icon 572B corresponding to App 2, on a displayed userinterface 570 that includes application icons 572A-572D displayed inpredefined region 574. In some embodiments, the gesture is detected ontouch-sensitive display 504. The intensity sensors detect the intensityof contacts on touch-sensitive surface 560. The device determines thatthe intensity of contact 562 peaked above the deep press intensitythreshold (e.g., “IT_(D)”). Contact 562 is maintained on touch-sensitivesurface 560. In response to the detection of the gesture, and inaccordance with contact 562 having an intensity that goes above the deeppress intensity threshold (e.g., “IT_(D)”) during the gesture,reduced-scale representations 578A-578C (e.g., thumbnails) of recentlyopened documents for App 2 are displayed, as shown in FIGS. 5F-5H. Insome embodiments, the intensity, which is compared to the one or moreintensity thresholds, is the characteristic intensity of a contact. Itshould be noted that the intensity diagram for contact 562 is not partof a displayed user interface, but is included in FIGS. 5E-5H to aid thereader.

In some embodiments, the display of representations 578A-578C includesan animation. For example, representation 578A is initially displayed inproximity of application icon 572B, as shown in FIG. 5F. As theanimation proceeds, representation 578A moves upward and representation578B is displayed in proximity of application icon 572B, as shown inFIG. 5G. Then, representations 578A moves upward, 578B moves upwardtoward representation 578A, and representation 578C is displayed inproximity of application icon 572B, as shown in FIG. 5H. Representations578A-578C form an array above icon 572B. In some embodiments, theanimation progresses in accordance with an intensity of contact 562, asshown in FIGS. 5F-5G, where the representations 578A-578C appear andmove upwards as the intensity of contact 562 increases toward the deeppress intensity threshold (e.g., “IT_(D)”). In some embodiments, theintensity, on which the progress of the animation is based, is thecharacteristic intensity of the contact. The operations described withreference to FIGS. 5E-5H can be performed using an electronic devicesimilar or identical to device 100, 300, or 500.

In some embodiments, the device employs intensity hysteresis to avoidaccidental inputs sometimes termed “jitter,” where the device defines orselects a hysteresis intensity threshold with a predefined relationshipto the press-input intensity threshold (e.g., the hysteresis intensitythreshold is X intensity units lower than the press-input intensitythreshold or the hysteresis intensity threshold is 75%, 90%, or somereasonable proportion of the press-input intensity threshold). Thus, insome embodiments, the press input includes an increase in intensity ofthe respective contact above the press-input intensity threshold and asubsequent decrease in intensity of the contact below the hysteresisintensity threshold that corresponds to the press-input intensitythreshold, and the respective operation is performed in response todetecting the subsequent decrease in intensity of the respective contactbelow the hysteresis intensity threshold (e.g., an “up stroke” of therespective press input). Similarly, in some embodiments, the press inputis detected only when the device detects an increase in intensity of thecontact from an intensity at or below the hysteresis intensity thresholdto an intensity at or above the press-input intensity threshold and,optionally, a subsequent decrease in intensity of the contact to anintensity at or below the hysteresis intensity, and the respectiveoperation is performed in response to detecting the press input (e.g.,the increase in intensity of the contact or the decrease in intensity ofthe contact, depending on the circumstances).

For ease of explanation, the descriptions of operations performed inresponse to a press input associated with a press-input intensitythreshold or in response to a gesture including the press input are,optionally, triggered in response to detecting either: an increase inintensity of a contact above the press-input intensity threshold, anincrease in intensity of a contact from an intensity below thehysteresis intensity threshold to an intensity above the press-inputintensity threshold, a decrease in intensity of the contact below thepress-input intensity threshold, and/or a decrease in intensity of thecontact below the hysteresis intensity threshold corresponding to thepress-input intensity threshold. Additionally, in examples where anoperation is described as being performed in response to detecting adecrease in intensity of a contact below the press-input intensitythreshold, the operation is, optionally, performed in response todetecting a decrease in intensity of the contact below a hysteresisintensity threshold corresponding to, and lower than, the press-inputintensity threshold.

FIG. 6 illustrates exemplary devices connected via one or morecommunication channels to complete a payment transaction in accordancewith some embodiments. One or more exemplary electronic devices (e.g.,devices 100, 300, and 500) are configured to optionally detect input(e.g., a particular user input, an NFC field) and optionally transmitpayment information (e.g., using NFC). The one or more electronicdevices optionally include NFC hardware and are configured to beNFC-enabled.

The electronic devices (e.g., devices 100, 300, and 500) are optionallyconfigured to store payment account information associated with each ofone or more payment accounts. Payment account information includes, forexample, one or more of: a person's or company's name, a billingaddress, a login, a password, an account number, an expiration date, asecurity code, a telephone number, a bank associated with the paymentaccount (e.g., an issuing bank), and a card network identifier. In someexamples, payment account information includes include an image, such asa picture of a payment card (e.g., taken by the device and/or receivedat the device). In some examples, the electronic devices receive userinput including at least some payment account information (e.g.,receiving user-entered credit, debit, account, or gift card number andexpiration date). In some examples, the electronic devices detect atleast some payment account information from an image (e.g., of a paymentcard captured by a camera sensor of the device). In some examples, theelectronic devices receive at least some payment account informationfrom another device (e.g., another user device or a server). In someexamples, the electronic device receives payment account informationfrom a server associated with another service for which an account for auser or user device previously made a purchase or identified paymentaccount data (e.g., an app for renting or selling audio and/or videofiles).

In some embodiments, a payment account is added to an electronic device(e.g., device 100, 300, and 500), such that payment account informationis securely stored on the electronic device. In some examples, after auser initiates such process, the electronic device transmits informationfor the payment account to a transaction-coordination server, which thencommunicates with a server operated by a payment network for the account(e.g., a payment server) to ensure a validity of the information. Theelectronic device is optionally configured to receive a script from theserver that allows the electronic device to program payment informationfor the account onto the secure element.

In some embodiments, communication among electronic devices 100, 300,and 500 facilitates transactions (e.g., generally or specifictransactions). For example, a first electronic device (e.g., 100) canserve as a provisioning or managing device, and can send notificationsof new or updated payment account data (e.g., information for a newaccount, updated information for an existing account, and/or an alertpertaining to an existing account) to a second electronic device (e.g.,500). In another example, a first electronic device (e.g., 100) can senddata to a second election device, wherein the data reflects informationabout payment transactions facilitated at the first electronic device.The information optionally includes one or more of: a payment amount, anaccount used, a time of purchase, and whether a default account waschanged. The second device (e.g., 500) optionally uses such informationto update a default payment account (e.g., based on a learning algorithmor explicit user input).

Electronic devices (e.g., 100, 300, 500, 700) are configured tocommunicate with each other over any of a variety of networks. Forexample, the devices communicate using a Bluetooth connection 608 (e.g.,which includes a traditional Bluetooth connection or a Bluetooth LowEnergy connection) or using a WiFi network 606. Communications amonguser devices are, optionally, conditioned to reduce the possibility ofinappropriately sharing information across devices. For example,communications relating to payment information requires that thecommunicating devices be paired (e.g., be associated with each other viaan explicit user interaction) or be associated with a same user account.

In some embodiments, an electronic device (e.g., 100, 300, 500) is usedto communicate with a point-of-sale (POS) payment terminal 600, which isoptionally NFC-enabled. The communication optionally occurs using avariety of communication channels and/or technologies. In some examples,electronic device (e.g., 100, 300, 500) communicates with paymentterminal 600 using an NFC channel 610. In some examples, paymentterminal 600 communicates with an electronic device (e.g., 100, 300,500) using a peer-to-peer NFC mode. Electronic device (e.g., 100, 300,500) is optionally configured transmit a signal to payment terminal 600that includes payment information for a payment account (e.g., a defaultaccount or an account selected for the particular transaction).

In some embodiments, generation of and/or transmission of the signal iscontrolled by a secure element in the electronic device (e.g., 100, 300,500). The secure element optionally requires a particular user inputprior to releasing payment information. For example, the secure elementoptionally requires detection that the electronic device is being worn,detection of a button press, detection of entry of a passcode, detectionof a touch, detection of one or more option selections (e.g., receivedwhile interacting with an application), detection of a fingerprintsignature, detection of a voice or voice command, and or detection of agesture or movement (e.g., rotation or acceleration). In some examples,if a communication channel (e.g., an NFC communication channel) withanother device (e.g., payment terminal 600) is established within adefined time period from detection of the input, the secure elementreleases payment information to be transmitted to the other device(e.g., payment terminal 600). In some examples, the secure element is ahardware component that controls release of secure information. In someexamples, the secure element is a software component that controlsrelease of secure information.

In some embodiments, protocols related to transaction participationdepend on, for example, device types. For example, a condition forgenerating and/or transmitting payment information can be different fora wearable device (e.g., device 500) and a phone (e.g., device 100). Forexample, a generation and/or transmission condition for a wearabledevice includes detecting that a button has been pressed (e.g., after asecurity verification), while a corresponding condition for a phone doesnot require button-depression and instead requires detection ofparticular interaction with an application. In some examples, acondition for transmitting and/or releasing payment information includesreceiving particular input on each of multiple devices. For example,release of payment information optionally requires detection of afingerprint and/or passcode at the device (e.g., device 100) anddetection of a mechanical input (e.g., button press) on another device(e.g., device 500).

Payment terminal 600 optionally uses the payment information to generatea signal to transmit to a payment server 604 to determine whether thepayment is authorized. Payment server 604 optionally includes any deviceor system configured to receive payment information associated with apayment account and to determine whether a proposed purchase isauthorized. In some examples, payment server 604 includes a server of anissuing bank. Payment terminal 600 communicates with payment server 604directly or indirectly via one or more other devices or systems (e.g., aserver of an acquiring bank and/or a server of a card network).

Payment server 604 optionally uses at least some of the paymentinformation to identify a user account from among a database of useraccounts (e.g., 602). For example, each user account includes paymentinformation. An account is, optionally, located by locating an accountwith particular payment information matching that from the POScommunication. In some examples, a payment is denied when providedpayment information is not consistent (e.g., an expiration date does notcorrespond to a credit, debit or gift card number) or when no accountincludes payment information matching that from the POS communication.

In some embodiments, data for the user account further identifies one ormore restrictions (e.g., credit limits); current or previous balances;previous transaction dates, locations and/or amounts; account status(e.g., active or frozen), and/or authorization instructions. In someexamples, the payment server (e.g., 604) uses such data to determinewhether to authorize a payment. For example, a payment server denies apayment when a purchase amount added to a current balance would resultin exceeding an account limit, when an account is frozen, when aprevious transaction amount exceeds a threshold, or when a previoustransaction count or frequency exceeds a threshold.

In some embodiments, payment server 604 responds to POS payment terminal600 with an indication as to whether a proposed purchase is authorizedor denied. In some examples, POS payment terminal 600 transmits a signalto the electronic device (e.g., 100, 300, 500) to identify the result.For example, POS payment terminal 600 sends a receipt to the electronicdevice (e.g., 100, 300, 500) when a purchase is authorized (e.g., via atransaction-coordination server that manages a transaction app on theuser device). In some instances, POS payment terminal 600 presents anoutput (e.g., a visual or audio output) indicative of the result.Payment can be sent to a merchant as part of the authorization processor can be subsequently sent.

In some embodiments, the electronic device (e.g., 100, 300, 500)participates in a transaction that is completed without involvement ofPOS payment terminal 600. For example, upon detecting that a mechanicalinput has been received, a secure element in the electronic device(e.g., 100, 300, 500) releases payment information to allow anapplication on the electronic device to access the information (e.g.,and to transmit the information to a server associated with theapplication).

In some embodiments, the electronic device (e.g., 100, 300, 500) is in alocked state or an unlocked state. In the locked state, the electronicdevice is powered on and operational but is prevented from performing apredefined set of operations in response to the user input. Thepredefined set of operations may include navigation between userinterfaces, activation or deactivation of a predefined set of functions,and activation or deactivation of certain applications. The locked statemay be used to prevent unintentional or unauthorized use of somefunctionality of the electronic device or activation or deactivation ofsome functions on the electronic device. In the unlocked state, theelectronic device 100 is power on and operational and is not preventedfrom performing at least a portion of the predefined set of operationsthat cannot be performed while in the locked state.

When the device is in the locked state, the device is said to be locked.In some embodiments, the device in the locked state may respond to alimited set of user inputs, including input that corresponds to anattempt to transition the device to the unlocked state or input thatcorresponds to powering the device off.

In some examples, a secure element is a hardware component (e.g., asecure microcontroller chip) configured to securely store data or analgorithm. In some examples, the secure element provides (or releases)payment information (e.g., an account number and/or atransaction-specific dynamic security code). In some examples, thesecure element provides (or releases) the payment information inresponse to the device receiving authorization, such as a userauthentication (e.g., fingerprint authentication; passcodeauthentication; detecting double-press of a hardware button when thedevice is in an unlocked state, and optionally, while the device is on auser's wrist, such as by detecting that the device is in contact withthe user's skin). For example, the device detects a fingerprint at afingerprint sensor (e.g., a fingerprint sensor integrated into a button)of the device. The device determines whether the fingerprint isconsistent with a registered fingerprint. In accordance with adetermination that the fingerprint is consistent with the registeredfingerprint, the secure element provides (or releases) paymentinformation. In accordance with a determination that the fingerprint isnot consistent with the registered fingerprint, the secure elementforgoes providing (or releasing) payment information.

Attention is now directed towards embodiments of user interfaces (“UI”)and associated processes that are implemented on an electronic device,such as portable multifunction device 100, device 300, or device 500.

FIGS. 7A-7L illustrate exemplary user interfaces for managing a remoteauthorization to proceed with an action, in accordance with someembodiments. The user interfaces in these figures are used to illustratethe processes described below, including the processes in FIGS. 9-11.

FIG. 7A illustrates requesting device 700 (e.g., an electronic device,such as a laptop computer with a display, that does not have a hardwaretoken generator) and authenticating device 500 (e.g., an electronicdevice, such as a smartphone, with a display that does have a hardwaretoken generator). In some examples, the authenticating device 500includes hardware (e.g., hardware token generator) capable of certainfunctionality, while the requesting device 700 does not include thehardware and is not capable of performing the functionality. By usingremote authorization in such a scenario, a user is able to takeadvantage of the hardware capabilities of a device (e.g., theauthenticating device 500) while using (or performing tasks on) adifferent device (e.g., the requesting device 700). In some examples,the present technique enables a parent to remotely authorize an actionusing a first device (e.g., the authenticating device 500), where theaction was requested (or initiated) by the parent's child using a seconddevice (e.g., a requesting device), (e.g., regardless of the hardwarecapabilities of the second device). In some examples, the techniqueshelps to maintain a certain level of security by avoiding the need todistribute secure data to systems that do not meet certain securitystandards (e.g., avoiding the need to generate or store secureinformation on a system that does not have a secure element).

In some examples, requesting device 700 and authenticating device 500are configured to be in communication, such as via wirelesscommunication. For example, the requesting device 700 and authenticatingdevice 500 may be in communication via a personal area network, a localarea network, a wide area network, Bluetooth, WLAN, a cellular network,or any combination thereof.

Requesting device 700 displays a user interface 702 that includes one ormore options 708. In this example, the one or more options 708 are namesof corresponding remote servers. In some examples, the requesting device700 displays a plurality of options 708. Authenticating device 500 is inthe on state. In this example, the display of authenticating device 500is not displaying anything (e.g., the display is turned off).

The requesting device 700 receives selection of one or more options(e.g., receiving user selection of a name or address of a remote server;receiving user selection of a security token generation algorithm fromamong a plurality of token generation algorithms; receiving userselection of a length for a to-be-generated security token; or acombination thereof). In this example, requesting device 700 receivesactivation of option 706 of the one or more options with cursor 704. InFIG. 7B, the requesting device detects activation of the continueaffordance 714 with cursor 704.

In some examples, at FIG. 7C, the requesting device 700 provides options(e.g., by displaying options) corresponding to a plurality ofauthenticating devices, the options corresponding to the plurality ofauthenticating devices includes an option 716, labeled Bob's Phone, thatcorresponds to the authenticating device 500.

At FIG. 7C, the requesting device 700 receives input selecting theoption 716 corresponding to the authenticating device. At FIG. 7D, therequesting device receives selection of an option 722 (e.g., detectinguser activation of a “confirm” affordance or a “connect” affordance) toproceed with an action (e.g., creating a secure network connection;proceeding with a payment transaction) associated with the selected oneor more options 706. In some examples, the action is based on theselected one or more options 706. In some examples, a plurality of theone or more options is selected.

The requesting device 700 transmits a request to proceed with theaction. The request includes information about (or based on) theselected one or more options. In some examples, the requesting device700 transmits the request to proceed with the action to theauthenticating device 500 based on the received input selecting theoption 716 corresponding to the authenticating device.

As illustrated in FIG. 7E, the authenticating device 500 receives therequest to proceed with the action. In some examples, the transmissionfrom the requesting device 700 to the authenticating device 500 isdirect. In some examples, the transmission from the requesting device700 to the authenticating device 500 is indirect, such as through anintermediary device.

In some examples, the authenticating device 500 is in a locked statewhen receiving the request to proceed with the action. In response toreceiving the request to proceed with the action, the authenticatingdevice 500 displays (while remaining in the locked state), on thedisplay, a request notification 730 (e.g., on the lock screen of theauthenticating device 500). In some examples, the request notification730 includes one or more of the information 732 about (or based on) theselected one or more options and the indication 734 of the requestingdevice 700.

In some examples, as illustrated in FIG. 7F, the authenticating device500 receives input activating the request notification 730 (e.g.,receiving a user swipe gesture 736 to slide the request notification 730beyond a threshold distance or a user input gesture pressing on thenotification with a characteristic intensity above a respectivethreshold intensity).

In some examples, as illustrated in FIG. 7G, the authenticating device500 notifies a user of authenticating device 500 (e.g., by displaying arequest 740 and/or generating a haptic vibration) that authorization tounlock the authenticating device 500 has been requested.

In some examples, the authenticating device 500 receives authorization(e.g., via fingerprint or passcode) to unlock the authenticating device(e.g., to transition the authenticating device 500 to an unlockedstate). This authorization for unlocking the device is separate and inaddition to authorization to proceed with the action. In some examples,the authorization to unlock and the authorization to proceed with theaction can be satisfied using the same technique (e.g., using the samefingerprint or the same password). In some examples, the authorizationto unlock and the authorization to proceed with the action are satisfiedusing different techniques (e.g., using a fingerprint for authorizationto unlock and a password for authorization to proceed with the action).In some examples, the authorization to unlock and the authorization toproceed with the action are satisfied using the same technique, but withdifferent inputs (e.g., using a first fingerprint for authorization tounlock and a second fingerprint for authorization to proceed with theaction; using a first password for authorization to unlock and a secondpassword for authorization to proceed with the action). In response to(or subsequent to) receiving authorization to unlock the authenticatingdevice 500, authenticating device 500 unlocks (e.g., transitioning theauthenticating device 500 to an unlocked state).

At FIG. 7H, the authenticating device 500 concurrently displays (e.g.,in response to receiving the request to proceed with the action; inresponse to unlocking), on the display of the authenticating device 500,an indication 750 of the request to proceed with the action, theinformation 752 about the selected one or more options (e.g., name of aremote server for connection; a security token generation algorithm; alength for the to-be-generated security token; one or moreproducts/services for purchase; one or more shipping preferences; or acombination thereof), and an indication 754 of the requesting device 700(e.g., the name of the requesting device, an identifier of therequesting device, or an icon or image that represents the requestingdevice, such as a line drawing of a housing of the requesting device).

In some examples, the indication 754 of the requesting device 700includes a graphical representation of the requesting device 700. Insome examples, the graphical representation of the requesting device 700is an icon representation of the requesting device 700, such as a linedrawing of a housing of the device. In some examples, the iconrepresentation includes one or more of: a finish, a form factor, and oneor more dimension information of the requesting device 700 to enable auser to quickly and accurately identify the device on whichauthentication will be requested. For example, the graphicalrepresentation may indicate that the requesting device 700 is a goldMacBook® or a 27″ iMac®.

The authenticating device 500 displays, on the display of theauthenticating device 500, a request 756 for authorization to proceedwith the action.

As illustrated in FIG. 7I, the authenticating device 500 receives aninput that is responsive to the request for authorization to proceedwith the action (e.g., user authentication information, a fingerprint offinger 758, a passcode). For example, the authenticating device 500receives as input a fingerprint of finger 758 and determines that thefingerprint is consistent with a fingerprint enabled to authorize theauthenticating device 500 to proceed with the action.

The authenticating device 500 transmits a response to the request toproceed with the action. For example, the authenticating device 500transmits the response to the requesting device 700. The response to therequest to proceed with the action is based on the input that isresponsive to the request for authorization to proceed with the action.In some examples, the authenticating device 500 provides an indication760 that a response to the request to proceed with the action was sent.

The requesting device 700 receives (e.g., in response to transmittingthe request; subsequent to transmitting the request) the response to therequest to proceed with the action. For example, the requesting device700 receives the response to the request to proceed with the action fromthe authenticating device 500.

As illustrated in FIG. 7J, in accordance with a determination, at therequesting device 700, that the response to the request to proceed withthe action indicates that the authorization at the authenticating device500 (e.g., a user authentication by the authenticating device 500 basedon biometrics, a fingerprint, a password) was successful, the requestingdevice 700 displays, on the display of the requesting device 700, anindication 762 that the authorization was successful.

In some examples, as illustrated in FIG. 7K, the requesting device 700displays an indication 764 that the requesting device 700 (andalternatively or in addition, the authenticating device 500) proceededwith the action.

As illustrated in FIG. 7L, in accordance with a determination, at therequesting device 700, that the response to the request to proceed withthe action indicates that the authorization (e.g., a user authenticationby the authenticating device 500 based on a biometric, a fingerprint, apassword) was not successful, the requesting device 700 displays, on thedisplay of the requesting device 700, an indication 766 that theauthorization was not successful. The indication 762 that theauthorization was successful is different from the indication 766 thatthe authorization was not successful. In some examples, theauthenticating device 500 displays an indication 768 that theauthorization was not successful.

In some examples, receiving authorization to proceed with the actionincludes receiving a passcode via a touch-sensitive surface of theauthenticating device 500, the passcode being determined to beconsistent with an enrolled passcode that is enabled to authorize theaction. In some examples, authorization to proceed includes detecting afingerprint using a fingerprint sensor, the fingerprint being determinedto be consistent with an enrolled fingerprint that is enabled toauthorize the action. For example, the authenticating device 500 storesinformation about one or more fingerprints of the user to use fordetermining whether a respective fingerprint is enabled to authorize theaction. In some examples, authorization to proceed includes receiving adouble-press of a mechanical button while the device is in an unlockedstate (and, optionally, while the device has continuously been on auser's wrist since the device was unlocked by providing authenticationcredentials to the device, where the continuous presence of the deviceon the user's wrist is determined by periodically checking that thedevice is in contact with the user's skin).

In some examples, the authenticating device 500 includes hardware (e.g.,a hardware token generator, a secure element) configured to respond(e.g., by generating or providing a token, by generating or providingpayment information) to the input that is responsive to the request forauthorization to proceed with the action and the requesting device 700does not include the hardware (e.g., the hardware token generator, asecure element). Thus, the user is able to take advantage of thehardware capabilities of a device (e.g., the authenticating device 500)while using (or performing tasks on) a different device (e.g., therequesting device 700).

FIGS. 8A-8M illustrate exemplary user interfaces for managing a remoteauthorization to proceed with a payment transaction, in accordance withsome embodiments. The user interfaces in these figures are used toillustrate the processes described below, including the processes inFIGS. 9-11.

FIG. 8A illustrates requesting device 700 (e.g., an electronic device,such as a laptop computer with a display, that does not have a secureelement) and authenticating device 500 (e.g., an electronic device, suchas a smartphone, with a display that does have a secure element). Insome examples, the authenticating device 500 includes hardware (e.g., asecure element) capable of certain functionality (e.g., such asgenerating payment account information for use in a paymenttransaction), while the requesting device 700 does not include thehardware and is not capable of performing the functionality. By usingremote authorization in such a scenario, a user is able to takeadvantage of the hardware capabilities of a device (e.g., theauthenticating device 500) while using (or performing tasks on) adifferent device (e.g., the requesting device 700). For example, a usercan browse websites and select items for purchase using a requestingdevice 700, and use authenticating device 500 for proceeding with apayment for the selected items.

Requesting device 700 displays a user interface 802 of a computerapplication. In this example, the application is a web browserapplication that is configured to retrieve and display webpages, such asthrough the retrieval and display of markup language. In some examples,requesting device 700 receives user input causing it to navigate to aweb address. User interface 802 includes a URI/URL field 802A, whichdisplays the web address. In some examples, retrieved webpages aredisplayed in a first portion 802C (e.g., a webpage-displaying portion)of the user interface 802 that is different from a second portion 802B(e.g., a non-webpage-displaying portion) of the user interface 802. Insome examples, the second portion is a status bar, anon-webpage-displaying portion, or the like. In some examples, the webbrowser application is configured to display retrieved webpages in thefirst portion 802C and is not configured to display retrieved webpagesin the second portion 802B. This allows the user to differentiatebetween content displayed as the result of a rendered webpage (e.g., inthe first portion 802C) and content displayed as the result of contentprovided by the web browser application (e.g., in the second portion802B).

At FIG. 8A, requesting device 700 has navigated a website and receiveduser instructions to add one or more items to a virtual shopping cart.Requesting device 700 displays an affordance 804, which when activated,transitions to (e.g., causes display of) a checkout webpage 805 of FIG.8B. In some examples, the affordance 804 is displayed in the firstportion 802C of the user interface 802 of the web browser application.

At FIG. 8B, requesting device 700 displays (e.g., in the first portion802C) the checkout webpage (e.g., in response to detecting activation ofaffordance 804). In accordance with a determination that a set of one ormore transaction conditions are met, the requesting device 700 displaysan affordance 802D (e.g., in the second portion 802B, in the firstportion 802C). For example, the set of one or more transactionconditions include one or more of: (1) a condition that is met when aremote server (e.g., that provided the checkout webpage for display)requests that a payment affordance be displayed, (2) a condition that ismet when the requesting device 700 determines that a remote server(e.g., that provided the checkout webpage for display) is configured toaccept payments using a particular payment method, and (3) a conditionthat is met when the requesting device 700 determines that the displayedwebpage includes a request for payment that, for example, is displayedin the first portion 802C. The affordance 802D, when activated, causesdisplay of a payment sheet 802E. In some examples, the payment sheet802E is a user interface of the operating system of the requestingdevice. In some embodiments, the payment sheet 802E is part of afirst-party application provided by a provider of the operating systemof the requesting device.

In some examples, as illustrated in FIGS. 8C-1 and 8C-2, the paymentsheet 802E slides into display (e.g., into view on the display) inresponse to activation of the affordance 802D. In some examples, thepayment sheet 802E at least partially obscures the checkout webpagedisplayed in the first portion 802C. In some examples, the payment sheet802E at least partially obscures the second portion 802B. In someexamples, the payment sheet 802E is not a part of the first portion 802Cor the second portion 802C, but rather overlays the two portions.

The payment sheet 802E includes one or more options for selection. Theone or more options include, for example, one or more of: one or moreproducts/services for purchase, one or more shipping preferences (e.g.,a shipping address), one or more payment accounts, one or moreauthenticating devices, and a contact name.

In some examples, the payment sheet 802E includes an indication of adefault payment account 802G associated with an authenticating device(e.g., a default authenticating device). In some examples, the paymentsheet 802E includes a user-configurable “ship to” mailing address. Forexample, the requesting device 700 populates the mailing address fieldbased on information stored at the requesting device 700 (e.g., based onprofile information or a default contact address stored in a contactsapplication). In some examples, the requesting device 700 receivesuser-selection of an address for use as the mailing address. In someexamples, the payment sheet 802E includes a user-configurable contactname. The requesting device 700 populates the contact name field basedon information stored at the requesting device 700 (e.g., based onprofile information or a default contact name stored in a contactsapplication). In some examples, the payment sheet 802E includes a totalcost, tax amount, and/or shipping cost of a payment transaction. Byreceiving selection of various options, the requesting device accountsfor the user's purchase preferences.

In some examples, payment sheet 802E includes a payment option 802F,which when activated, causes display of options for a plurality ofpayment accounts associated with corresponding authenticating devices,as illustrated in FIG. 8D. In some embodiments, a first payment account(e.g., indicated by option 802H) is associated with a firstauthenticating device (e.g., indicated by graphical indication 802I ofthe first authenticating device) and a second payment account (e.g.,indicated by option 802J) corresponds to a second authenticating device(e.g., indicated by graphical indication 802K of the secondauthenticating device) that is different from the first authenticatingdevice. For example, the payment accounts are grouped according to theircorresponding authenticating device or are displayed along withgraphical or textual indications of which authenticating devicecorresponds to each of the payment accounts. In some examples, a firstarea includes one or more (or a plurality of) indications of paymentaccounts associated with the first authenticating device and a secondarea different from the first area includes one or more (or a pluralityof) indications of payment accounts associated with the secondauthenticating device. In some examples, at least some of the paymentaccounts associated with the first authenticating device are differentthan the payment accounts associated with the second authenticatingdevice. By receiving selection of a payment account from among thevarious payment accounts that have been provisioned on the user'svarious personal devices, the requesting device accounts for the user'spayment preference.

In some examples, requesting device 700 receives selection of an option802H corresponding to a respective payment account from among theoptions for the plurality of payment accounts. In response to receivingselection of the option 802H corresponding to the respective paymentaccount, requesting device 700 selects the respective authenticatingdevice (e.g., as indicated by graphical indication 802I of the firstauthenticating device) based on the selected option 802H correspondingto the respective payment account. In this example, the display ofauthenticating device 500 is not displaying anything (e.g., the displayis turned off). In response to receiving selection of the option 802Hcorresponding to a respective payment account from among the options forthe plurality of payment accounts, the requesting device displays theexemplary user interface illustrated in FIG. 8E.

In some examples, the requesting device is a smart phone. In someexamples, the smart phone displays a user interface for a web browserapplication. In some examples, the smart phone displays a user interfacefor an application that has been downloaded from a remote server andinstalled on the smart phone. In some examples, the smart phone detectsactivation of an affordance (e.g., 802D), and, in response displays apayment sheet (e.g., 802E). In some examples, the requesting device is asmart watch. In some examples, the smart watch displays a user interfacefor an application that has been downloaded from a remote server andinstalled on the smart watch. In some examples, the smart watch detectsactivation of an affordance (e.g., 802D), and, in response displays apayment sheet (e.g., 802E).

At FIG. 8E, after the requesting device 700 receives selection of theone or more options (e.g., receiving user selection of a contact name;receiving user selection of a payment account; receiving selection of anauthenticating device; receiving selection of one or moreproducts/services for purchase; receiving selection of one or moreshipping preferences; or a combination of these), the requesting device700 receives selection of an option 822 (e.g., detecting user activationof a “confirm” affordance or a “make payment” affordance) to proceedwith an action (e.g., proceeding with a payment transaction) associatedwith the selected one or more options (e.g., 802H). In some examples,the action is based on the selected one or more options (e.g., 802H). Insome examples, a plurality of the one or more options is selected.

The requesting device 700 transmits a request to proceed with theaction. The request includes information about (or based on) theselected one or more options. In some examples, the requesting device700 transmits the request to proceed with the action to theauthenticating device 500 based on the received input selecting theoption 802H corresponding to the authenticating device.

As illustrated in FIG. 8F, the authenticating device 500 receives therequest to proceed with the action. The transmission from the requestingdevice 700 to the authenticating device 500 is direct or indirect, suchas through an intermediary device.

In response to receiving the request to proceed with the action, theauthenticating device 500 displays (while remaining in the lockedstate), on the display, a request notification 830 (e.g., on the lockscreen of the authenticating device 500). In some examples, theauthenticating device 500 is in a locked state when receiving therequest to proceed with the action. In some examples, the requestnotification 830 includes one or more of the information 832 about (orbased on) the selected one or more options and an indication 834 of therequesting device 700.

In some examples, as illustrated in FIG. 8G, the authenticating device500 receives input activating the request notification 830 (e.g.,receiving a user swipe gesture 836 to slide the request notification 830beyond a threshold distance or a user input gesture pressing on thenotification with a characteristic intensity above a respectivethreshold intensity).

In some examples, as illustrated in FIG. 8H, the authenticating device500 requests (e.g., by displaying a request 840 and/or causing a hapticvibration) authorization to unlock the authenticating device 500.

In some examples, the authenticating device 500 receives authorization(e.g., via fingerprint or passcode) to unlock the authenticating device(e.g., to transition the authenticating device 500 to an unlockedstate). This authorization for unlocking the device is separate and inaddition to authorization to proceed with the action. In some examples,the authorization to unlock and the authorization to proceed with theaction can be satisfied using the same technique (e.g., using the samefingerprint or the same password). In some examples, the authorizationto unlock and the authorization to proceed with the action are satisfiedusing different techniques (e.g., using a fingerprint for authorizationto unlock and a password for authorization to proceed with the action).In some examples, the authorization to unlock and the authorization toproceed with the action are satisfied using the same technique, but withdifferent inputs (e.g., using a first fingerprint for authorization tounlock and a second fingerprint for authorization to proceed with theaction; using a first password for authorization to unlock and a secondpassword for authorization to proceed with the action). In response to(or subsequent to) receiving authorization to unlock the authenticatingdevice 500, authenticating device 500 unlocks (e.g., transitioning theauthenticating device 500 to an unlocked state).

At FIG. 8I, the authenticating device 500 concurrently displays (e.g.,in response to receiving the request to proceed with the action; inresponse to unlocking), on the display of the authenticating device 500,an indication 850 of the request to proceed with the action, theinformation 852 about the selected one or more options (e.g., selectionof a contact name; selection of a payment account; selection of anauthenticating device; selection of one or more products/services forpurchase; selection of one or more shipping preferences; or acombination thereof), and an indication 854 of the requesting device 700(e.g., the name of the requesting device, an identifier of therequesting device, or an icon or image that represents the requestingdevice, such as a line drawing of a housing of the requesting device).

In some examples, the indication 854 of the requesting device 700includes a graphical representation of the requesting device 700. Insome examples, the graphical representation of the requesting device 700is an icon representation of the requesting device 700, such as a linedrawing of a housing of the device. In some examples, the iconrepresentation includes one or more of: a finish, a form factor, and oneor more dimension information of the requesting device 700. For example,the graphical representation may indicate that the requesting device 700is a gold MacBook® or a 27″ iMac®.

The authenticating device 500 displays, on the display of theauthenticating device 500, a request 856 for authorization to proceedwith the action.

As illustrated in FIG. 8K, the authenticating device 500 receives aninput that is responsive to the request for authorization to proceedwith the action (e.g., user authentication information, a fingerprint offinger 858, a passcode). For example, the authenticating device 500receives as input a fingerprint of finger 858 and determines that thefingerprint is consistent with a fingerprint enabled to authorize toproceed with the action.

The authenticating device 500 transmits a response to the request toproceed with the action. For example, the authenticating device 500transmits the response to the requesting device 700. The response to therequest to proceed with the action is based on the input that isresponsive to the request for authorization to proceed with the action.In some examples, the authenticating device 500 provides an indication860 that a response to the request to proceed with the action was sent.

The requesting device 700 receives (e.g., in response to transmittingthe request; subsequent to transmitting the request) the response to therequest to proceed with the action. For example, the requesting device700 receives the response to the request to proceed with the action fromthe authenticating device 500.

As illustrated in FIG. 8K, in accordance with a determination, at therequesting device 700, that the response to the request to proceed withthe action indicates that the authorization at the authenticating device500 (e.g., a user authentication by the authenticating device 500 basedon a biometric, a fingerprint, a password) was successful, therequesting device 700 displays, on the display of the requesting device700, an indication 862 that the authorization was successful.

In some examples, as illustrated in FIG. 8L, the requesting device 700displays (e.g., in the first portion 802C) an indication 864 that therequesting device 700 (and alternatively or in addition, theauthenticating device 500) proceeded with the action. In some examples,the requesting device 700 displays (e.g., in the second portion 802B) anindication that the requesting device 700 (and alternatively or inaddition, the authenticating device 500) proceeded with the action.

As illustrated in FIG. 8M, in accordance with a determination, at therequesting device 700, that the response to the request to proceed withthe action indicates that the authorization (e.g., a user authenticationby the authenticating device 500 based on a biometric, a fingerprint, apassword) was not successful, displaying, on the display of therequesting device 700, an indication 866 that the authorization was notsuccessful. The indication 862 that the authorization was successful isdifferent from the indication 866 that the authorization was notsuccessful.

In some examples, receiving authorization to proceed with the actionincludes receiving a passcode via a touch-sensitive surface of theauthenticating device 500, the passcode being determined to beconsistent with an enrolled passcode that is enabled to authorize theaction. In some examples, authorization to proceed includes detecting afingerprint using a fingerprint sensor, the fingerprint being determinedto be consistent with an enrolled fingerprint that is enabled toauthorize the action. For example, the authenticating device 500 storesinformation about one or more fingerprints of the user to use fordetermining whether a respective fingerprint is enabled to authorize theaction. In some examples, authorization to proceed includes receiving adouble-press of a mechanical button while the device is in an unlockedstate (and, optionally, while the device is on a user's wrist, such asby detecting that the device is in contact with the user's skin).

In some examples, the authenticating device 500 includes hardware (e.g.,a secure element) configured to respond (e.g., by generating orproviding payment information) to the input that is responsive to therequest for authorization to proceed with the action and the requestingdevice 700 does not include the hardware (e.g., a secure element). Thus,the user is able to take advantage of the hardware capabilities of adevice (e.g., the authenticating device 500) while using (or performingtasks on) a different device (e.g., the requesting device 700).

FIGS. 9A-9D are flow diagrams illustrating method 900 for managing aremote authorization to proceed with an action using an electronicdevice in accordance with some embodiments. Method 900 is performed at arequesting device (e.g., 100, 300, 500) with a display and at anauthenticating device (e.g., 700) with a display. In some examples, theauthenticating device 500 includes hardware (e.g., a secure element, atoken generator) configured to respond (e.g., by generating or providingpayment information) to the input that is responsive to the request forauthorization to proceed with the action and the requesting device 700does not include the hardware (e.g., a secure element). Some operationsin method 900 are, optionally, combined, the order of some operationsis, optionally, changed, and some operations are, optionally, omitted.

As described below, method 900 provides an intuitive way for managing aremote authorization to proceed with an action. The method reduces thecognitive burden on a user, thereby creating a more efficienthuman-machine interface. For battery-operated computing devices,enabling a user to manage a remote authorization faster and moreefficiently conserves power and increases the time between batterycharges.

At block 902, a requesting device (e.g., 700, a laptop device that doesnot have a hardware token generator) receives selection of one or moreoptions (e.g., 708, 718, 802G, 802H, 802J). For example, the requestingdevice receives user selection of a name or address of a remote server,receives user selection of a security token generation algorithm fromamong a plurality of token generation algorithms, receives userselection of a length for the to-be-generated security token, receivesuser selection of one or more products/services for purchase, receivesuser selection of one or more shipping preferences, receives userselection of a payment account, or a combination thereof.

At block 904, the requesting device (e.g., 700) receives selection of anoption (e.g., 722, 822) to proceed with an action associated with theselected one or more options. In some examples, the action is creating asecure network connection. In some examples, the action is proceedingwith a payment transaction. In some examples, receiving selection ofoption includes detecting user activation of a “confirm” affordance or a“connect affordance.” In some examples, the action is based on theselected one or more options (e.g., 708, 718, 802G, 802H, 802J).

At block 906, the requesting device (e.g., 700) transmits a request toproceed with the action. The request includes information about (orbased on) the selected one or more options (e.g., 708, 718, 802G, 802H,802J). For example, the request may include selected shippinginformation or selected payment account information.

At block 908, the authenticating device (e.g., 500, a phone device thatdoes have a hardware token generator; a phone device that does have asecure element) receives the request to proceed with the action. In someexamples, the transmission of the request to proceed with the actionfrom the requesting device (e.g., 700) to the authenticating device(e.g., 500) is direct. In some examples, the transmission is indirect,such as through an intermediary device.

At block 910, the authenticating device concurrently displays (e.g., inresponse to receiving the request), on the display of the authenticatingdevice, an indication (e.g., 750, 850) of the request to proceed withthe action, the information (e.g., 752, 852) about the selected one ormore options, and an indication (e.g., 754, 854) of the requestingdevice (e.g., the name of the requesting laptop or phone, an identifierof the requesting device, or an icon or image that represents therequesting device such as a line drawing of a housing of the device).

At block 912, the authenticating device (e.g., 500) displays, on thedisplay of the authenticating device, a request (e.g., 756, 856) forauthorization to proceed with the action.

At block 914, the authenticating device receives an input that isresponsive to the request for authorization to proceed with the action(e.g., user authentication information, a fingerprint of finger 758/858,a passcode).

At block 916, the authenticating device transmits a response to therequest to proceed with the action. The response to the request toproceed with the action is based on the input that is responsive to therequest for authorization to proceed with the action.

At block 918, the requesting device receives (e.g., in response totransmitting the request; subsequent to transmitting the request) theresponse to the request to proceed with the action.

At block 920, in accordance with a determination, at the requestingdevice (e.g., 700), that the response to the request to proceed with theaction indicates that the authorization (e.g., a user authentication) atthe authenticating device (e.g., 500) was successful (e.g., the usersuccessfully authenticated based on biometrics, a fingerprint, or apassword), the requesting device (e.g., 700) displays, on the display ofthe requesting device, an indication (e.g., 762, 862) that theauthorization was successful.

At block 932, in accordance with a determination, at the requestingdevice (e.g., 700), that the response to the request to proceed with theaction indicates that the authorization (e.g., a user authenticationbased on a biometric, a fingerprint, a password) at the authenticatingdevice (e.g., 500) was not successful, the requesting device (e.g., 700)displays, on the display of the requesting device, an indication (e.g.,766, 866) that the authorization was not successful. The indication(e.g., 762, 862) that the authorization was successful is different fromthe indication (e.g., 766, 866) that the authorization was notsuccessful).

In some examples, receiving authorization to proceed with the actionincludes receiving a passcode via a touch-sensitive surface of theelectronic device. The authorization is successful when the passcode isdetermined to be consistent with an enrolled passcode that is enabled toauthorize the action. In some examples, authorization to proceedincludes detecting a fingerprint. The authorization is successful whenthe fingerprint is determined to be consistent with an enrolledfingerprint that is enabled to authorize the action. For example, thedevice stores information about one or more fingerprints of the user touse for determining whether a respective fingerprint is enabled toauthorize the action. In some examples, authorization to proceedincludes receiving a double-press of a mechanical button while thedevice (e.g., a smartwatch device) is in an unlocked state (and,optionally, while the device is on a user's wrist, such as by detectingthat the device is in contact with the user's skin.)

In some examples, the authenticating device (e.g., 500) includeshardware (e.g., a hardware token generator, a secure element) configuredto respond (e.g., by generating or providing a token, by generating orproviding payment information) to the input that is responsive to therequest for authorization to proceed with the action and the requestingdevice (e.g., 700) does not include the hardware (e.g., the hardwaretoken generator, the secure element).

In some examples, at block 824, the action is creating a secure networkconnection between the authenticating device (e.g., 500) and a remoteserver. In response to determining, at the authenticating device (e.g.,500), that the input that is responsive to the request for authorizationto proceed with the action is consistent with input authorized toproceed with the action, (e.g., successful user authentication based onthe user input, user authentication information, a fingerprint, apasscode), the authenticating device proceeds with the action (e.g.,creating a secure network connection) using the hardware configured torespond to the input that is responsive to the request for authorizationto proceed with the action (e.g., a hardware token generator). Thus, theauthenticating device proceeds with creating a secure network connectionby using a token generated by the hardware token generator. For example,the authenticating device (e.g., 500) transmits the token to the remoteserver. In some examples, the action is proceeding with a paymenttransaction, rather than creating a secure network connection.

In some examples, at block 826, the action is creating a secure networkconnection between the requesting device (e.g., 700) and a remoteserver. In response to determining, at the authenticating device (e.g.,500), that the input that is responsive to the request for authorizationto proceed with the action is consistent with input authorized toproceed with the action (e.g., successful user authentication based onthe user input, user authentication information, a fingerprint, apasscode), the authenticating device transmits a token to the requestingdevice. The token having been generated using hardware of theauthenticating device (e.g., 500) configured to respond to the inputthat is responsive to the request for authorization to proceed with theaction (e.g., a hardware token generator). The requesting device (e.g.,700) receives the token from the authenticating device. The requestingdevice (e.g., 700) proceeds with the action (e.g., creating a securenetwork connection) using the token received from the authenticatingdevice (e.g., 500).

In some examples, the indication of the requesting device (e.g., 700)includes a graphical representation (e.g., 754, 854) of the requestingdevice (e.g., 700). In some examples, the graphical representation(e.g., 754, 854) of the requesting device (e.g., 700) is an iconrepresentation of the requesting device such as a line drawing of ahousing of the device, the icon representation including one or more of:a finish, a form factor, and one or more dimension information of therequesting device. For example, the graphical representation mayindicate that the requesting device (e.g., 700) is a gold MacBook® or a27″ iMac®.

In some examples, at block 828, the authenticating device is in a lockedstate when receiving the input that is responsive to the request forauthorization to proceed with the action (e.g., user authenticationinformation, a fingerprint, a passcode). In response to determining, atthe authenticating device, that the input that is responsive to therequest for authorization to proceed with the action is consistent withinput authorized to proceed with the action, the authenticating devicesmaintains (e.g., remains in) the locked state while transmitting theresponse to the request to proceed with the action, wherein the responseto the request to proceed with the action based on the input. Thus, itis not necessary to request that the authenticating device (e.g., 500)be unlocked (e.g., as in FIGS. 7G, 8H and their accompanyingdescriptions).

In some examples, detecting an interaction with the fingerprint sensorwhile the authenticating device is locked would (in the absence of therequest for authorization) cause the authenticating device (e.g., 500)to unlock (e.g., a touch on a fingerprint sensor embedded into a homebutton causes the device to unlock if detected while the lock screen isdisplayed, but causes the request to be authorized without unlocking theauthenticating device when the touch on the fingerprint sensor isdetected while the request is displayed on the display of theauthenticating device). Thus, in some examples the swipe gestures 736and 836 cause display of the user interfaces of FIGS. 7H and 8I,respectively.

In some examples, the requesting device (e.g., 700) is signed into aservice using an account when transmitting the request to proceed withthe action and the authenticating device (e.g., 500) is signed into theservice using the account when receiving the request to proceed with theaction (e.g., both the requesting device and the authenticating devicesare signed into a service using the same user account/the same usercredentials). Alternatively, the requesting device (e.g., 700) and theauthenticating device (e.g., 500) are each signed into separate accountson the same service, and the separate accounts are linked to each other(e.g., explicitly linked to each other for the purpose of authorizingthe action).

In some examples, at block 830, the action is proceeding with a paymenttransaction, and in response to determining, at the authenticatingdevice (e.g., 500), that the input that is responsive to the request forauthorization to proceed with the action is consistent with inputauthorized to proceed with the action (e.g., successful userauthentication based on the user input, user authentication information,a fingerprint, a passcode), the authenticating device (e.g., 500)proceeds with the action (e.g., proceeding with the payment transaction)using hardware (e.g., a secure element) configured to respond to theinput that is responsive to the request for authorization to proceedwith the action. In some examples, the hardware used to perform theaction is not available at the requesting device (e.g., 700). Forexample, the authenticating device (e.g., 500) provides (e.g., to apayment transaction server/merchant so that the merchant can receivepayment from a payment institution or the requesting device) paymentinformation (e.g., a payment account number) for use in the paymenttransaction.

In some examples, at block 832, the action is proceeding with a paymenttransaction, and in response to determining, at the authenticatingdevice (e.g., 500), that the input that is responsive to the request forauthorization to proceed with the action is consistent with inputauthorized to proceed with the action (e.g., successful userauthentication based on the user input, user authentication information,a fingerprint, a passcode), the authenticating device (e.g., 500)transmits payment information to the requesting device. The paymentinformation is generated using hardware (e.g., a secure element)configured to respond to the input that is responsive to the request forauthorization to proceed with the action. In some examples, the hardwareused for generating the payment information is not available at therequesting device (e.g., 700). The requesting device (e.g., 700)receives the payment information from the authenticating device (e.g.,500). The requesting device (e.g., 700) proceeds with the action (e.g.,proceeding with the payment transaction; providing the paymentinformation to a payment transaction server/merchant so that themerchant can receive payment from a payment institution) using thepayment information (e.g., a payment account number) received from theauthenticating device (e.g., 500).

In some examples, the authenticating device (e.g., 500) transmits atoken to a server (e.g., a remote server), and the server uses the tokento obtain a resource associated with the token (e.g., CPU time, networksocket, memory access). In some examples, the requesting device (e.g.,700) transmits a token to a server (e.g., a remote server), and theserver uses the token to obtain a resource associated with the token(e.g., CPU time, network socket, memory access).

In some examples, the authenticating device (e.g., 500) transmits thepayment information to a payment transaction server (e.g., a merchant'sserver), and the payment transaction server uses the payment informationto obtain a resource (e.g., funds) associated with the paymentinformation (e.g., payment from a user payment account specified by thetoken). In some examples, the requesting device (e.g., 700) transmitsthe payment information to a payment transaction server (e.g., amerchant's server), and the payment transaction server uses the paymentinformation to obtain a resource (e.g., funds) associated with thepayment information (e.g., payment from a user payment account specifiedby the token).

In some examples, the action is proceeding with a payment transaction.The authenticating device (e.g., 500) includes hardware (e.g., hardwaresecure element) for authorizing payment transactions. In some examples,the hardware is configured to respond to the input that is responsive tothe request for authorization to proceed with the action. For example,the hardware of the authenticating device (e.g., 500) generates and/orprovides payment information once it receives authorization byauthenticating a user (e.g., using fingerprint authentication, usingpasscode authentication). In some examples, the requesting device (e.g.,700) does not include the hardware for authorizing payment transactions.In some examples, the authenticating device (e.g., 500) includeshardware for authenticating a user and the requesting device (e.g., 700)does not include the hardware for authenticating the user.

In some examples, the action is proceeding with a payment transaction.Subsequent to determining, at the authenticating device (e.g., 500),that the input that is responsive to the request for authorization toproceed with the action is consistent with input authorized to proceedwith the action (e.g., successful user authentication based on the userinput, user authentication information, a fingerprint, a passcode), theauthenticating device (e.g., 500) proceeds with the action (e.g.,proceeding with the payment transaction using the payment information)without further input from the requesting device (e.g., 700). Forexample, the authenticating device transmits the information (e.g.,payment information) necessary for processing the payment transaction toa payment transaction server. In some examples, subsequent todetermining authorization to proceed is provided, the authenticatingdevice (e.g., 500) proceeds with the action (e.g., proceeding with thepayment transaction using the payment information) without further inputfrom the user at the authenticating device (e.g., 500).

In some examples, the authenticating device (e.g., 500) is a phone(e.g., a smartphone) and the requesting device is a television device(e.g., a flat panel television or a set top box that is controllingdisplay of a user interface on the flat panel television). In someexamples, the authenticating device is a phone (e.g., a smart phone) andthe requesting device is a computer (e.g., a laptop computer, a desktopcomputer). In some examples, the authenticating device is a wearabledevice (e.g., an electronic smartwatch) and the requesting device is atelevision device (e.g., a flat panel television or a set top box thatis controlling display of a user interface on the flat paneltelevision). In some examples, the authenticating device is a wearabledevice (e.g., an electronic smartwatch) and the requesting device is acomputer (e.g., a laptop computer, a desktop computer).

In some examples, an electronic wallet of the authenticating device(e.g., 500) includes one or more payment accounts associated with a userof the authenticating device and the payment information is based on apayment account of the one or more payment accounts. In some examples,the payment information is an account number or a PAN of a paymentaccount.

In some examples, proceeding with the payment transaction includestransmitting the payment information (e.g., payment information of apayment account linked to the electronic device and stored in anelectronic wallet of the device) to a payment transaction server toengage in the payment transaction. In some examples, engaging in thepayment transaction includes routing information to one or morefinancial institutions to verify payment credentials and/or receiveauthorization to complete the transaction. For example, paymentinformation is transmitted from the authenticating device (e.g., 500) toa payment server for engaging in the payment transaction. For anotherexample, payment information is transmitted from the requesting device(e.g., 700) to a payment server for engaging in the payment transaction.

In some examples, proceeding with the payment transaction includes usingthe payment information (e.g., payment information of a payment accountlinked to the electronic device and stored in an electronic wallet ofthe device) to complete the payment transaction. In some examples,proceeding with the payment transaction includes using the paymentinformation (e.g., an account number or a PAN of a payment account) foruse in the payment transaction (e.g., using a credit account to make thepurchase) to complete the payment transaction, where the paymentinformation is stored at the electronic device (e.g., 500, 700).

Note that details of the processes described above with respect tomethod 900 (e.g., FIGS. 9A-9D) are also applicable in an analogousmanner to the methods described below. For example, methods 1000 and1100 optionally include one or more of the characteristics of thevarious methods described above with reference to method 900. Forexample, characteristics and techniques of the requesting devices of thevarious methods can be combined. For another example, characteristicsand techniques of the authenticating devices of the various methods canbe combined. For brevity, some of these details are not repeated below.

FIGS. 10A-10B are flow diagrams illustrating method 1000 for managing aremote authorization to proceed with an action using an electronicdevice in accordance with some embodiments. Method 1000 is performed ata requesting device (e.g., 100, 300, 700) with a display. In someexamples, the requesting device (e.g., 700) does not have a hardwaretoken generator or a secure element. Some operations in method 1000 are,optionally, combined, the order of some operations is, optionally,changed, and some operations are, optionally, omitted.

As described below, method 1000 provides an intuitive way for managing aremote authorization to proceed with an action. The method reduces thecognitive burden on a user, thereby creating a more efficienthuman-machine interface. For battery-operated computing devices,enabling a user to manage a remote authorization faster and moreefficiently conserves power and increases the time between batterycharges. The method also improves the security of transactions byallowing a user to use an authenticating device with specializedauthentication and/or secure storage hardware. The method also reducesthe cost of devices by enabling specialized authentication and/or securestorage hardware from one device to be used by a user at another device.

At block 1002, the requesting device receives selection of one or moreoptions (e.g., 708, 718, 802G, 802H, 802J) associated with an action.For example, the requesting device receives user selection of a securitytoken generation algorithm from among a plurality of token generationalgorithms, receives user selection of a length for the to-be-generatedsecurity token, receives selection of one or more products/services forpurchase, receives selection of one or more shipping preferences,receives selection of a payment account, or a combination thereof. Insome examples, the selected one or more options associated with theaction are displayed on the display of the requesting device. In someexamples, the one or more options associated with the action are aplurality of options associated with the action.

In some examples, at block 1004, the action is creating a secure networkconnection. The secure network is created between the requesting device(e.g., 700) and a remote server by transmitting (e.g., by the requestingdevice or the authenticating device) a token to the remote server. Insome examples, the action is to create a secure connection between theauthenticating device and a remote server by transmitting (e.g., by therequesting device or the authenticating device) a token to the remoteserver. In some examples, the authenticating device (e.g., 500)generates the token and transmits the token to the requesting device(e.g., 700) prior to the requesting device (e.g., 700) transmitting thetoken to the remote server.

In some examples, at block 1006, the action is proceeding with a paymenttransaction (e.g., by transmitting payment information to a paymenttransaction server for use by the payment transaction server to processthe payment transaction).

At block 1008, the requesting device receives selection of an option(e.g., 722, 822) to proceed (e.g., detecting user activation of a“confirm” affordance) with the action (e.g., creating a secure networkconnection; proceeding with a payment transaction) associated with theselected one or more options (e.g., 708, 718, 802G, 802H, 802J). In someexamples, the action is based on the selected one or more options.

At block 1010, the requesting device (e.g., 700) transmits (e.g., inresponse to receiving selection of the option to proceed with theaction) to an authenticating device (e.g., 500; a phone device that doeshave a hardware token generator; a phone device that does have a secureelement; the transmission to the authenticating device being direct orindirect, such as through an intermediary device), a request to proceedwith the action. The request includes information about (or based on)the selected one or more options. The information (e.g., 752, 852) aboutthe selected one or more options are for display by the authenticatingdevice (e.g., 500). For example, the information about the selected oneor more options are for display on a display of the authenticatingdevice (e.g., 500).

At block 1012, the requesting device (e.g., 700) receives (e.g., inresponse to transmitting the request; subsequent to transmitting therequest), from the authenticating device (e.g., 500), a response to therequest to proceed with the action. The response to the request toproceed with the action is indicative of an input at the authenticatingdevice (e.g., 500).

At block 1014, in accordance with a determination that the response tothe request to proceed with the action indicates that an authorization(e.g., a user authentication by the authenticating device based on abiometric, a fingerprint, a password) at the authenticating device(e.g., 500) was successful, the requesting device (e.g., 700) displays,on the display of the requesting device, an indication (e.g., 762, 862)that the authorization was successful.

In some examples, at block 1016, in accordance with a determination thatthe response to the request to proceed with the action indicates thatthe authorization at the authenticating device (e.g., a userauthentication by the authenticating device based on a biometric, afingerprint, a password) was not successful, the requesting device(e.g., 70) displays, on the display of the requesting device, anindication (e.g., 766, 866) that the authorization was not successful.The indication that the authorization was successful (e.g., 762, 862) isdifferent from the indication (e.g., 766, 866) that the authorizationwas not successful.

In some examples, the action is creating a secure network connection.The requesting device (e.g., 700) receives a token from theauthenticating device (e.g., 500). The requesting device (e.g., 700)proceeds with the action (e.g., creating the secure network connection)using the token (e.g., a security token) received from theauthenticating device (e.g., 500).

In some examples, the action is proceeding with a payment transaction.The requesting device (e.g., 700) receives payment information (e.g., apayment account number, an identifier of a payment account, payment cardinformation, such as account number and expiration date) from theauthenticating device (e.g., 500). The requesting device (e.g., 700)proceeds with the action (e.g., proceeding with the payment transaction)using the payment information (e.g., a payment account number, anidentifier of a payment account, payment card information, such asaccount number and expiration date) received from the authenticatingdevice (e.g., 500).

In some examples, proceeding with the payment transaction includestransmitting at least a portion of the payment information to a to apayment transaction server/merchant so that the merchant can receivepayment from a payment institution or the requesting device. Forexample, the payment transaction server is a server configured toprocess payments.

In some examples, the requesting device is signed into a service usingan account and the authenticating device is signed into the serviceusing the account (e.g., both the requesting device and theauthenticating devices are signed into a service using the same useraccount/the same user credentials). Alternatively, the requesting deviceand the authenticating device are each signed into separate accounts onthe same service, wherein the separate accounts are linked to each other(e.g., explicitly linked to each other for the purpose of authorizingthe action).

In some examples, at block 1014, the requesting device (e.g., 700)receives (e.g., via communication with a bank, card issuer server,payment transaction server, or merchant; via communication with theauthenticating device) an indication that the action was successful(e.g., a payment has been approved by the authenticating device, a tokenhas been sent by the authenticating device). The requesting device(e.g., 700) presents a notification (e.g., 762, 862) at the requestingdevice that the action was successful (e.g., via displaying thenotification on the display; via playing audio of the notification on aspeaker; via performing a tactile output at the requesting device).

In some examples, at block 1016, the requesting device (e.g., 700)receives (e.g., via communication with a bank, card issuer server,payment transaction server, or merchant; via communication with theauthenticating device) an indication that the action was not successful(e.g., a payment has been rejected by the authenticating device, a tokenhas not been sent by the authenticating device). The requesting device(e.g., 700) presents a notification (e.g., 766, 866) at the requestingdevice (e.g., 700) that the action was not successful (e.g., viadisplaying the notification on the display; via playing audio of thenotification on a speaker; via performing a tactile output at therequesting device).

In some examples, prior to transmitting the request to proceed with theaction, the requesting device (e.g., 700) determines whether a set ofone or more conditions that indicate whether the requesting device(e.g., 700) is capable of authorizing the request is met (e.g., is alocal token generator for generating token information available; is alocal secure element with payment account information available).Transmitting the request to the authenticating device occurs inaccordance with a determination that the set of one or more conditionsis not met. In accordance with a determination that the set of one ormore conditions is met, the requesting device does not transmit therequest for information to the authenticating device and instead usescapabilities of the requesting device to authenticate the request (e.g.,using a locally available fingerprint sensor and secure element togenerate a token and/or retrieve payment information that can be used tocomplete the transaction). In some examples, if a fingerprint sensor andsecure element are available at the requesting device (e.g., 700), therequesting device displays a user interface instructing the user toprovide authentication to proceed with the transaction using thefingerprint sensor and secure element that are available locally at thedevice. Alternatively, in some examples, the requesting device (e.g.,700) displays instructions for entering a passcode that, when entered,enables retrieval of the token from the token generator or paymentinformation from the secure element.

In some examples, the set of one or more conditions is met when hardware(e.g., a local secure element) configured to generate (or securely storeor provide) payment information is available at the requesting device(e.g., 700). In some examples, in accordance with a determination thatthe set of one or more conditions is met, the requesting devicerequests, from the secure element of the requesting device (e.g., 700),payment information for use in proceeding with the action.

In some examples, the request to proceed with the action includes one ormore payment transactions details (e.g., a price, a merchant name, ashipping address, a payment account identifier, a URL of a paymenttransaction server).

In some examples, prior to transmitting, by the requesting device (e.g.,700), to the authenticating device (e.g., 500) the request to proceedwith the action, the requesting device (e.g., 700) provides options(e.g., displaying options) corresponding to a plurality ofauthenticating devices, the plurality of authenticating devicesincluding the authenticating device, and the requesting device (e.g.,700) receives input (e.g., user input on a touch-sensitive surface)selecting an option corresponding to the authenticating device (e.g.,500). The transmitting, by the requesting device (e.g., a laptop devicethat does not have a hardware token generator, a laptop device that doesnot have a secure element), to the authenticating device the request toproceed with the action is done in accordance with receiving the inputselecting the authenticating device from among the plurality ofauthenticating devices. In some examples, the options corresponding tothe plurality of authenticating devices are displayed in a browser userinterface of a web browser (e.g., a sheet, tongue, or overlay thatexpands from a portion of the web browser such as a smart search fieldor web address field). In some examples, a plurality of other optionsassociated with the transaction is also displayed concurrently with theoptions corresponding to the authenticating devices (e.g., a shippingaddress, shipping options).

In some examples, prior to transmitting, by the requesting device (e.g.,700), to the authenticating device (e.g., 500) the request to proceedwith the action, the requesting device (e.g., 700) selects theauthenticating device (e.g., 500) from among a plurality ofauthenticating devices based on one or more of the proximity of theauthenticating device to the requesting device, the recency of use ofthe authenticating device, a user-defined preference for theauthenticating device, and a prioritization scheme of the plurality ofauthenticating devices. The transmitting, by the requesting device, tothe authenticating device the request to proceed with the action is donein accordance with selecting the authenticating device from among theplurality of authenticating devices. Thus, in some examples, therequesting device (e.g., 700) automatically selects an authenticatingdevice (e.g., 500) based on a criterion.

In some examples, prior to transmitting, by the requesting device (e.g.,700) to the authenticating device the request to proceed with theaction, the requesting device (e.g., 700) selects the authenticatingdevice from among a plurality of authenticating devices based onavailability of a selected payment account (or payment account type) onthe authenticating device. The transmitting, by the requesting device(e.g., 700) to the authenticating device (e.g., 500), the request toproceed with the action is done in accordance with selecting theauthenticating device from among the plurality of authenticatingdevices. In some examples, the requesting device receives inputselecting a payment account and the authenticating device is selectedfrom among the plurality of authenticating devices based on theauthenticating device being provisioned to provide payment informationusing the selected payment account. In some examples, the requestingdevice receives input selecting a card type (such as American Express orVisa) and the authenticating device is selected from among the pluralityof authenticating devices based on the authenticating device beingprovisioned to provide payment information using a payment account ofthe selected card type. In some examples, if a first payment methodselection is received, the requesting device sends the request to afirst authenticating device; if second payment method selection isreceived, the requesting device sends the send request to a secondauthenticating device.

In some examples, in accordance with transmitting, by the requestingdevice (e.g., 700) to the authenticating device, the request to proceedwith the action, the requesting device (e.g., 700) forgoes transmittingto another authenticating device of a plurality of authenticatingdevices the request to proceed with the action. For example, therequesting device only transmits the request to proceed with the actionto one authenticating device, even when multiple authenticating devicesare nearby and available.

In some examples, the requesting device (e.g., 700) transmits, to asecond authenticating device (or to a plurality of authenticatingdevices), the request to proceed with the action. For example, therequesting device concurrently (or sequentially) transmits the requestto proceed with the action to multiple authenticating devices.

In some examples, prior to transmitting the request to proceed with theaction, the requesting device (e.g., 700) determines whether a set ofone or more conditions is met (e.g., is a local secure element forgenerating token information available; is a local secure element withpayment information available). The set of one or more conditions is metwhen hardware (e.g., a local secure element) configured to generate (orprovide or securely store) payment information is available at therequesting device (e.g., 700). In accordance with a determination thatthe set of one or more conditions is not met, the requesting deviceprovides options (e.g., displaying options) corresponding to a pluralityof authenticating devices. The plurality of authenticating devicesincludes the authenticating device (e.g., 500). In some examples, therequesting device receives input (e.g., user input on a touch-sensitivesurface) selecting an option corresponding to the authenticating device.The transmitting, by the requesting device to the authenticating device,the request to proceed with the action is done in accordance withreceiving the input selecting the authenticating device from among theplurality of authenticating devices.

In some examples, subsequent to transmitting the request to proceed withthe action, the requesting device (e.g., 700) receives user inputchanging at least one of the selected one or more options (e.g., 708,718, 802G, 802H, 802J) associated with the action; transmits, to theauthenticating device, a revised request to proceed with the action; andreceives (e.g., in response to transmitting the request; subsequent totransmitting the request), from the authenticating device, aconfirmation of receipt of the revised request to proceed with theaction. The displaying, on the display of the requesting device, theindication that the authorization was successful is done in accordancewith a determination that the confirmation of receipt of the revisedrequest to proceed with the action was received.

In some examples, prior to transmitting the request to proceed with theaction, the requesting device (e.g., 700) displays, on the display ofthe requesting device, the selected one or more options (e.g., 708, 718,802G, 802H, 802J) associated with the action. Subsequent to transmittingthe request to proceed with the action, the requesting device (e.g.,700) receives, from the authenticating device, changes to at least oneof the selected one or more options associated with the action; and inresponse to receiving, from the authenticating device, the changes tothe at least one of the selected one or more options associated with theaction, updates the display in accordance with the received changes tothe at least one of the selected one or more options associated with theaction. For example, the authenticating device receives user inputchanging some of the one or more options and the authenticating devicetransmits information indicative of the changes to the requestingdevice.

In some examples, subsequent to transmitting the request to proceed withthe action, the requesting device (e.g., 700) receives selection of anoption to cancel (e.g., detecting user activation of a “cancel”affordance) the action, and in response to receiving selection of theoption to cancel the action, transmits, to the authenticating device, arequest to cancel the action.

In some examples, the requesting device (e.g., 700) displays, on thedisplay of the requesting device, the one or more options (e.g., 708,718, 802G, 802H, 802J) associated with the action in a third-party userinterface. The requesting device (e.g., 700) displays (e.g.,concurrently with the one or more options), on the display of therequesting device, the option (e.g., 722, 822) to proceed with theaction in a first-party user interface. In some examples, thethird-party user interface is a web page displayed in a web browserapplication. In some examples, the third-party user interface is a userinterface of a first application. In some examples, the first-party userinterface is user interface of a second application different from thefirst application. In some examples, the first-party user interface is auser interface of an operating system of the requesting device. In someexamples, the first-party user interface is a user interface of the webbrowser that is not coded in hypertext markup language.

In some examples, the requesting device (e.g., 700) displays, on thedisplay of the requesting device, the option (e.g., 722, 822) to proceedwith the action in a first-party user interface.

In some examples, the requesting device (e.g., 700) determines whetherone or more authenticating devices are available (e.g., within apredetermined distance) for authentication. In accordance with adetermination that one or more authenticating devices are available(e.g., determining that at least one device is available within apredetermined distance of the requesting device; determining that atleast one device is available on the same LAN as the requesting device;determining that at least one device is available via a personal areanetwork of the requesting device) for authentication, the requestingdevice (e.g., 700) displays, on the display of the requesting device,the option (e.g., 722, 822) to proceed with the action. In accordancewith a determination that one or more authenticating devices are notavailable (e.g., determining that no device is available) forauthentication, forgoing displaying, on the display of the requestingdevice, the option to proceed with the action.

In some examples, prior to transmitting, by the requesting device (e.g.,700) to the authenticating device (e.g., 500), the request to proceedwith the action, the requesting device (e.g., 700) receives selection ofone or more options associated with a second action (e.g., a secondpayment transaction). The request to proceed with the action is arequest to proceed with both the action and the second action andwherein the request further includes information about (or based on) theselected one or more options associated with the second action, theinformation about the selected one or more options associated with thesecond action for display by the authenticating device. For example, theuser can add multiple items from a single website or multiple websitesinto a single shared shopping cart, and then send a single request tothe authenticating device for authorization to purchase the multipleitems. When the request is authenticated, the different websites areinformed of the different purchases, and fulfill the orders separately.

In some examples, prior to receiving (e.g., by the requesting device)selection of the option (e.g., 822) to proceed (e.g., detecting useractivation of a “confirm” affordance) with the action (e.g., proceedingwith a payment transaction) associated with the selected one or moreoptions, the requesting device (e.g., 700) receives selection of apayment option (e.g., 802F). In response to receiving selection of thepayment option (e.g., 802F), the requesting device (e.g., 700) displaysoptions for a plurality of payment accounts (e.g., 802H, 802J)associated with corresponding authenticating devices. In someembodiments, a first payment account is associated with a firstauthenticating device and a second payment account corresponds to asecond authenticating device that is different from the firstauthenticating device. For example, the payment accounts are groupedaccording to their corresponding authenticating device or are displayedalong with graphical or textual indications of which authenticatingdevice corresponds to each of the payment accounts.

In some examples, prior to receiving (e.g., by the requesting device)selection of the option (e.g., 822) to proceed (e.g., detecting useractivation of a “confirm” affordance) with the action (e.g., proceedingwith a payment transaction) associated with the selected one or moreoptions, the requesting device (e.g., 700) receives selection of anoption (e.g., 802H) corresponding to a respective payment account fromamong the options (e.g., 802H, 802J) for the plurality of paymentaccounts. In response to receiving selection of the option (e.g., 802H)corresponding to the respective payment account, the requesting device(e.g., 700) selects the respective authenticating device based on theselected option (e.g., 802H) corresponding to the respective paymentaccount.

In some examples, prior to receiving (e.g., by the requesting device)selection of the option (e.g., 822) to proceed (e.g., detecting useractivation of a “confirm” affordance) with the action (e.g., proceedingwith a payment transaction) associated with the selected one or moreoptions, the requesting device (e.g., 700) displays options (e.g., 802H,802J) for a plurality of payment accounts that are associated withcorresponding authenticating devices. In some examples, a first paymentaccount is associated with a first authenticating device and a secondpayment account corresponds to a second authenticating device that isdifferent from the first authenticating device. For example, the paymentaccounts are grouped according to their corresponding authenticatingdevice or are displayed along with graphical or textual indications ofwhich authenticating device corresponds to each of the payment accounts.The requesting device (e.g., 700) receives selection of an option (e.g.,802H) corresponding to a respective payment account. In response toreceiving selection of the option corresponding to the respectivepayment account, the requesting device (e.g., 700) selects therespective authenticating device based on the selected option (e.g.,802H) corresponding to the respective payment account. In someembodiments a payment account associated with the first authenticatingdevice is initially selected as a default payment account and inresponse to receiving selection of the option corresponding to a secondpayment account, a second device is selected in place of the firstdevice as the respective authenticating device. In some embodimentsthere are more than two devices that are capable of being selected asthe respective authenticating device.

In some examples, subsequent to receiving selection of the option (e.g.,802H) corresponding to the respective payment account, concurrentlydisplaying the option (e.g., 822) to proceed (e.g., a “confirm”affordance) with the action (e.g., proceeding with a paymenttransaction) associated with the selected one or more options and anindication (e.g., 802I) of the authenticating device.

In some examples, the indication (e.g., 802I) of the authenticatingdevice includes a graphical representation of the authenticating device.In some examples, the graphical representation of the authenticatingdevice is an icon representation of the authenticating device such as aline drawing of a housing of the device, the icon representationincluding one or more of: a finish, a form factor, and one or moredimension information of the authenticating device. For example, thegraphical representation may indicate that the requesting device (e.g.,700) is a gold MacBook® or a 27″ iMac®.

In some examples, the options for the plurality of payment accountsincludes payment accounts linked to devices of a first type regardlessof whether the devices of the first type are currently in a locked stateor unlocked state (e.g., even if a wearable device such as a smart watchthat is associated with payment accounts is near the requesting device,if the smart watch is not being worn and/or is in a locked state, thenthe payment accounts associated with the smart watch are excluded fromthe list of payment accounts that are available for use by therequesting device, whereas if the smartwatch is being worn and is in anunlocked state, then the payment accounts associated with the smartwatch are included in the list of payment accounts). The options for theplurality of payment accounts includes payment accounts linked todevices of a second type (e.g., smartwatch devices) based on being in anunlocked state (and alternatively or in addition, based on the devicesof the second type currently being on a user's wrist). In some examples,the options for the plurality of payment accounts do not include paymentaccounts linked to devices of the second type that are in a lockedstate. In some examples, the options for the plurality of paymentaccounts do not include payment accounts linked to devices of the secondtype that are either in the locked state or are not currently on auser's wrist). For example, if a portable device such as a tablet,laptop, or smartphone that is associated with payment accounts is nearthe requesting device, the payment accounts associated with the portabledevice are included in the list of payment accounts whether or not theportable device is locked.

In some examples, the authenticating device (e.g., 500) is a phone andthe requesting device (e.g., 700) is a television device (e.g., a flatpanel television or a set top box that is controlling display of a userinterface on the flat panel television). In some examples, theauthenticating device is a phone and the requesting device is a computer(e.g., a laptop computer, a desktop computer). In some examples, theauthenticating device is a wearable device (e.g., an electronicsmartwatch) and the requesting device is a television device (e.g., aflat panel television or a set top box that is controlling display of auser interface on the flat panel television). In some examples, theauthenticating device is a wearable device (e.g., an electronicsmartwatch) and the requesting device is a computer (e.g., a laptopcomputer, a desktop computer).

In some examples, an electronic wallet of the authenticating device(e.g., 500) includes one or more payment accounts associated with a userof the authenticating device and the payment information is based on apayment account of the one or more payment accounts. In some examples,the payment information is an account number or a PAN of a paymentaccount.

In some examples, proceeding with the payment transaction includestransmitting the payment information to a payment transaction server toengage in the payment transaction. In some examples, engaging in thepayment transaction includes routing information to one or morefinancial institutions to verify payment credentials and/or receiveauthorization to complete the transaction. For example, paymentinformation is transmitted from the authenticating device to a paymentserver for engaging in the payment transaction. For another example,payment information is transmitted from the requesting device to apayment server for engaging in the payment transaction.

In some examples, proceeding with the payment transaction includes usingthe payment information (e.g., payment information of a payment accountlinked to the electronic device and stored in an electronic wallet ofthe device) to complete the payment transaction. In some examples,proceeding with the payment transaction includes using the paymentinformation (e.g., a primary account number) for use in the paymenttransaction (e.g., using a credit account to make the purchase) tocomplete the payment transaction, where the payment information isstored at the electronic device.

Note that details of the processes described above with respect tomethod 1000 (e.g., FIGS. 10A-10B) are also applicable in an analogousmanner to the methods described above and below. For example, methods900 and 1100 optionally include one or more of the characteristics ofthe various methods described above with reference to method 1000. Forexample, characteristics and techniques of the requesting devices of thevarious methods can be combined. For another example, characteristicsand techniques of the authenticating devices of the various methods canbe combined. For brevity, some of these details are not repeated below.

FIG. 11 is a flow diagram illustrating a method for 1100 using anelectronic device in accordance with some embodiments. Method 1100 isperformed at an authenticating device (e.g., 100, 300, 500) with adisplay. In some examples, the authenticating device (e.g., 500)includes hardware (e.g., a secure element, a token generator) configuredto respond (e.g., by generating or providing payment information) toinput that is responsive to the request for authorization to proceedwith the action. Some operations in method 1100 are, optionally,combined, the order of some operations is, optionally, changed, and someoperations are, optionally, omitted.

As described below, method 1100 provides an intuitive way for managing aremote authorization to proceed with an action. The method reduces thecognitive burden on a user for managing a remote authorization, therebycreating a more efficient human-machine interface. For battery-operatedcomputing devices, enabling a user to manage a remote authorizationfaster and more efficiently conserves power and increases the timebetween battery charges.

At block 1102, the authenticating device (e.g., 500) receives, from arequesting device (e.g., 700), a request to proceed with an action. Therequest includes information regarding the action (e.g., informationabout or based on one or more options selected by a user at therequesting device; name of remote server for connection; a transactiondetail, such as a total price or an indication of a payment account).The requesting device (e.g., 700) and the authenticating device (e.g.,500) are both signed into a service using the same account (or are eachsigned into separate accounts that are explicitly linked to each otherfor the purpose of authorizing the action). In some examples, at block1104, the action is creating a secure network connection. In someexamples, at block 1106, the action is proceeding with a paymenttransaction.

At block 1108, the authenticating device (e.g., 500) concurrentlydisplays, on the display of the authenticating device: an indication(e.g., 750, 850) of the request to proceed with the action, theinformation (e.g., 752, 852) regarding the action (e.g., name of remoteserver for connection, a transaction detail, such as a total price or anindication of a payment account), and an indication (e.g., 754, 854) ofthe requesting device (e.g., the name of the requesting laptop or phone;an identifier of the requesting device).

At block 1110, the authenticating device (e.g., 500) displays a request(e.g., 856) for authorization to proceed with the action.

At block 1112, the authenticating device (e.g., 500) receives an inputthat is responsive to the request for authorization to proceed with theaction (e.g., user authentication information, a fingerprint, apasscode). In some examples, receiving authorization to proceed with theaction includes receiving a passcode via a touch-sensitive surface ofthe electronic device, the passcode being determined to be consistentwith an enrolled passcode that is enabled to authorize the action. Insome examples, authorization to proceed includes detecting afingerprint, the fingerprint being determined to be consistent with anenrolled fingerprint that is enabled to authorize the action. Forexample, the device stores information about one or more fingerprints ofthe user to use for determining whether a respective fingerprint isenabled to authorize the action. In some examples, authorization toproceed includes receiving a double-press of a mechanical button whilethe device (e.g., an electronic smartwatch) is in an unlocked state(and, optionally, while the device is on a user's wrist, such as bydetecting that the device is in contact with the user's skin).

In some examples, the action is creating a secure network connectionbetween the requesting device and a remote server. In response todetermining, at the authenticating device (e.g., 500), that the inputthat is responsive to the request for authorization to proceed with theaction is consistent with input authorized to proceed with the action(e.g., successful user authentication based on the user input, userauthentication information, a fingerprint, a passcode), theauthenticating device (e.g., 500) transmits token information to therequesting device. In some examples, the requesting device (e.g., 700)receives the token information from the authenticating device and therequesting device (e.g., 700) proceeds with the action (e.g., creating asecure network connection) using the token information received from theauthenticating device. In some examples, in response to determining, atthe authenticating device (e.g., 500), that the input that is responsiveto the request for authorization to proceed with the action is notconsistent with input authorized to proceed with the action (e.g.,unsuccessful user authentication based on the user input, userauthentication information, a fingerprint, a passcode), theauthenticating device (e.g., 500) foregoes transmitting tokeninformation to the requesting device.

In some examples, concurrently displaying, on the display, theindication (e.g., 750, 850) of the request to proceed with the action,the information (e.g., 752, 852) regarding the action, and theindication (e.g., 754, 854) of the requesting device is in response to(or subsequent to) receiving the request to proceed with the action.

In some examples, the authenticating device includes hardware (e.g., ahardware token generator; a secure element) configured to respond (e.g.,by generating or providing a token, by generating or providing paymentinformation) to the input that is responsive to the request forauthorization to proceed with the action when, for example, therequesting device (e.g., 700) does not include the hardware (e.g., ahardware token generator, a secure element).

In some examples, the action is proceeding with a payment transaction.The authenticating device (e.g., 500) generates (or provides, orreleases) payment information (e.g., a payment account number, anidentifier of a payment account, or payment card information, such asaccount number and expiration date, of a payment account linked to thedevice and stored in an electronic wallet of the device). For example,the authenticating device (e.g., 500) uses hardware (e.g., a secureelement) configured to respond (by generating or providing paymentinformation) to the input that is responsive to the request forauthorization to proceed with the action. In response to determining, atthe authenticating device (e.g., 500), that the input that is responsiveto the request for authorization to proceed with the action isconsistent with input authorized to proceed with the action (e.g.,successful user authentication based on the user input, userauthentication information, a fingerprint, a passcode), theauthenticating device (e.g., 500) transmits the payment information(e.g., to the requesting device or to a payment transaction server). Insome examples, the requesting device receives the payment informationfrom the authenticating device and the requesting device proceeds withthe action (e.g., proceeding with a payment transaction) using thepayment information received from the authenticating device. In someexamples, a payment transaction server receives the payment informationthe authenticating device and processes the payment transaction usingthe payment information received from the authenticating device. Inresponse to determining, at the authenticating device (e.g., 500), thatthe input that is responsive to the request for authorization to proceedwith the action is not consistent with input authorized to proceed withthe action (e.g., unsuccessful user authentication based on the userinput, user authentication information, a fingerprint, a passcode), theauthenticating device (e.g., 500) forgoes transmitting the paymentinformation (e.g., to the requesting device or to a payment transactionserver).

In some examples, the indication (e.g., 754, 854) of the requestingdevice includes a graphical representation of the requesting device. Insome examples, the graphical representation of the requesting device isan icon representation of the requesting device such as a line drawingof a housing of the device, the icon representation including one ormore of: a finish, a form factor, and one or more dimension informationof the requesting device. For example, the graphical representation mayindicate that the requesting device (e.g., 700) is a gold MacBook® or a27″ iMac®.

In some examples, the authenticating device (e.g., 500) is in a lockedstate when receiving the input that is responsive to the request forauthorization to proceed with the action (e.g., user authenticationinformation, a fingerprint, a passcode). In response to determining, atthe authenticating device, that the input that is responsive to therequest for authorization to proceed with the action is consistent withinput authorized to proceed with the action: (e.g., successful userauthentication based on the user input, user authentication information,a fingerprint, a passcode), the authenticating device (e.g., 500)maintains the authenticating device in the locked state whiletransmitting, by the authenticating device, the response to the requestto proceed with the action, the response to the request to proceed withthe action based on the input. Thus, in some examples, theauthenticating device (e.g., 500) remains in the locked state throughoutthe authorization process.

In some examples, the requesting device (e.g., 700) is signed into aservice using an account and the authenticating device (e.g., 500) issigned into the service using the account (e.g., both the requestingdevice and the authenticating devices are signed into a service usingthe same user account/the same user credentials). In some examples, therequesting device and the authenticating device are each signed intoseparate accounts on the same service, wherein the separate accounts arelinked to each other (e.g., explicitly linked to each other for thepurpose of authorizing the action).

In some examples, the authenticating device (e.g., 500) is in a lockedstate when receiving the request to proceed with the action. In responseto receiving the request to proceed with the action, the authenticatingdevice displays, on the display, a request notification (e.g., 730, 830;on the lock screen of the authenticating device). Prior to concurrentlydisplaying, on the display, the indication (e.g., 750, 850) of therequest to proceed with the action, the information (e.g., 752, 852)regarding the action, and the indication (e.g., 754, 854) of therequesting device, the authenticating device (e.g., 500): receives inputactivating the request notification (e.g., 730, 830) (e.g., receiving auser swipe gesture sliding the notification beyond a threshold distanceor a user input gesture pressing on the notification with acharacteristic intensity above a respective threshold intensity);requests (e.g., 740, 840; by displaying a request and/or causing ahaptic vibration) authorization to unlock the authenticating device);receives authorization (e.g., fingerprint or passcode) to unlock theauthenticating device. This authorization for unlocking theauthenticating device is separate and in addition to authorization toproceed with the action. In some examples, the authorization to unlockand the authorization to proceed with the action can be satisfied usingthe same technique (e.g., using the same fingerprint or the samepassword). In some examples, the authorization to unlock and theauthorization to proceed with the action are satisfied using differenttechniques (e.g., using a fingerprint for authorization to unlock and apassword for authorization to proceed with the action). In someexamples, the authorization to unlock and the authorization to proceedwith the action are satisfied using the same technique, but withdifferent inputs (e.g., using a first fingerprint for authorization tounlock and a second fingerprint for authorization to proceed with theaction; using a first password for authorization to unlock and a secondpassword for authorization to proceed with the action). In response to(or subsequent to) receiving authorization to unlock the authenticatingdevice, the authenticating device (e.g., 500) unlocks (e.g.,transitioning the device to an unlocked state). The concurrentlydisplaying, on the display, the indication of the request to proceedwith the action, the information regarding the action, and theindication of the requesting device occurs in response to receivingauthorization to unlock the authenticating device. In some examples, theindication of the request to proceed with the action, the informationregarding the action, and the indication of the requesting device aredisplayed within the user interface of an electronic wallet application.In some examples, the electronic wallet application stores a pluralityof payment accounts associated with the user of the authenticatingdevice, as it is a personal device of the user.

In some examples, in response to receiving the request to proceed withthe action, the authenticating device (e.g., 500) displays, on thedisplay, a request notification (e.g., 730, 830; on the lock screen ofthe authenticating device). Prior to concurrently displaying, on thedisplay, the indication of the request to proceed with the action, theinformation regarding the action, and the indication of the requestingdevice, the authenticating device (e.g., 500) receives input activatingthe request notification (e.g., receiving a user swipe gesture slidingthe notification beyond a threshold distance or a user input gesturepressing on the notification with a characteristic intensity above arespective threshold intensity). The concurrently displaying, on thedisplay, the indication of the request to proceed with the action, theinformation regarding the action, and the indication of the requestingdevice is in response to (or subsequent to) receiving input activatingthe request notification. In some examples, the indication of therequest to proceed with the action, the information regarding theaction, and the indication of the requesting device are displayed withinthe user interface of an electronic wallet application. In someexamples, the electronic wallet application stores a plurality ofpayment accounts associated with the user of the authenticating device,as it is a personal device of the user.

In some examples, the authenticating device (e.g., 500) is in a lockedstate when receiving the request to proceed with the action. In responseto receiving the request to proceed with the action, the authenticatingdevice (e.g., 500) displays, on the display, a request notification(e.g., 730, 830; on the lock screen of the authenticating device). Priorto concurrently displaying, on the display, the indication of therequest to proceed with the action, the information regarding theaction, and the indication of the requesting device, the authenticatingdevice (e.g., 500) receives input activating the request notification(e.g., receiving a user swipe gesture sliding the notification beyond athreshold distance or a user input gesture pressing on the notificationwith a characteristic intensity above a respective threshold intensity).The concurrently displaying, on the display, the indication of therequest to proceed with the action, the information regarding theaction, and the indication of the requesting device is in response to(or subsequent to) receiving input activating the request notification.In some examples, the indication of the request to proceed with theaction, the information regarding the action, and the indication of therequesting device are displayed within the user interface of anelectronic wallet application. In some examples, the electronic walletapplication stores a plurality of payment accounts associated with theuser of the authenticating device, as it is a personal device of theuser. Determining that the input that is responsive to the request forauthorization to proceed with the action is consistent with inputauthorized to proceed with the action (e.g., user authenticationinformation, a fingerprint, a passcode) does not transition therequesting device to an unlocked state (in other words, does nottransition out of the locked state).

In some examples, the authenticating device (e.g., 500) is in anunlocked state (e.g., a state in which the user has already providedauthentication and enabled access to restricted features of theauthenticating device) when receiving the request to proceed with theaction. In some examples, the authenticating device is a wearable device(e.g., an electronic smartwatch) that, once unlocked, remains in anunlocked state while being worn and is automatically locked when thedevice detects that it is no longer being worn (e.g., by detecting anend of user contact with one or more sensors of the device or detectingan end of proximity to a user with one or more sensors of the device).The requesting device includes a hardware button, and receiving theinput that is responsive to the request for authorization to proceedwith the action includes detecting a double-press of the hardware buttonwhile the device is in the unlocked state.

In some examples, the information regarding the action includes one ormore options associated with the action. Subsequent to concurrentlydisplaying, on the display, the indication of the request to proceedwith the action, the information regarding the action, and theindication of the requesting device, the authenticating device (e.g.,500): receives user input requesting a change to at least one of the oneor more options associated with the action; transmits an updated requestto the requesting device, the updated request including the change tothe at least one of the one or more options associated with the action;displays, on the display, an indication that a confirmation of receiptof the updated request has not been received from the requesting device;receives confirmation of receipt of the updated request from therequesting device; and, in response to receiving confirmation of receiptof the updated request from the requesting device, ceases to display, onthe display, the indication that the confirmation of receipt of theupdated request has not been received from the requesting device.

In some examples, subsequent to receiving the request to proceed withthe action and prior to receiving the input that is responsive to therequest for authorization to proceed with the action (e.g., userauthentication information, a fingerprint, a passcode), theauthenticating device (e.g., 500): receives, from the requesting device,a request to cancel the action; in response to receiving the request tocancel the action and in accordance with receiving the input that isresponsive to the request for authorization to proceed with the action(e.g., user authentication information, a fingerprint, a passcode), theauthenticating device (e.g., 500) forgoes proceeding with the action(e.g., foregoing transmitting payment information).

In some examples, subsequent to receiving the request to proceed withthe action and prior to receiving the input that is responsive to therequest for authorization to proceed with the action (e.g., userauthentication information, a fingerprint, a passcode), theauthenticating device (e.g., 500): receives, from the requesting device(e.g., 700), a request to cancel the action; and in response toreceiving the request to cancel the action, the authenticating deviceforgoes receiving input that is responsive to the request forauthorization to proceed with the action (e.g., user authenticationinformation, a fingerprint, a passcode). For example, the authenticatingdevice (e.g., 500) disables a fingerprint sensor used for receivinginput that is response to the request for authorization.

In some examples, subsequent to determining, at the authenticatingdevice (e.g., 500), that the input that is responsive to the request forauthorization to proceed with the action is consistent with inputauthorized to proceed with the action (e.g., successful userauthentication based on the user input, user authentication information,a fingerprint, a passcode), the authenticating device proceeds with theaction (e.g., using the payment information) without further input(e.g., from either the requesting device or the user). For example, theauthenticating device transmits the information necessary (or useful)for processing the payment transaction to a payment server.

In some examples, the authenticating device (e.g., 500) displaystransactions in a transaction history user interface. The authenticatingdevice (e.g., 500) receives a second request to proceed with a secondaction (e.g., requesting to proceed with a second payment transaction).The authenticating device (e.g., 500) concurrently displays, on thedisplay, a second indication of the request to proceed with the action(e.g., proceed with a payment transaction) and an indication of whetherthe action was successful (e.g., was the payment transaction approved),and concurrently displays, on the display, a third indication of thesecond request to proceed with the second action (e.g., proceed with asecond payment transaction) and an indication of whether the secondaction was successful (e.g., was the second payment transactionapproved). Thus, the authenticating device (e.g., 500) displays atransaction history that includes received requests along withindications of whether the corresponding transaction payments wereapproved or denied. In some examples, the authenticating device (e.g.,500) concurrently displays the second indication of the request toproceed with the action, the indication of whether the action wassuccessful, the third indication of the second request to proceed withthe second action, and the indication of whether the second action wassuccessful.

In some examples, the authenticating device (e.g., 500) is a phone(e.g., a smartphone) and the requesting device is a television device(e.g., a flat panel television or a set top box that is controllingdisplay of a user interface on the flat panel television). In someexamples, the authenticating device is a phone (e.g., a smart phone) andthe requesting device is a computer (e.g., a laptop computer, a desktopcomputer). In some examples, the authenticating device is a wearabledevice (e.g., an electronic smartwatch) and the requesting device is atelevision device (e.g., a flat panel television or a set top box thatis controlling display of a user interface on the flat paneltelevision). In some examples, the authenticating device is a wearabledevice (e.g., an electronic smartwatch) and the requesting device is acomputer (e.g., a laptop computer, a desktop computer).

In some examples, an electronic wallet of the authenticating device(e.g., 500) includes one or more payment accounts associated with a userof the authenticating device and the payment information is based on apayment account of the one or more payment accounts. In some examples,the payment information is an account number or a PAN of a paymentaccount.

In some examples, proceeding with the payment transaction includestransmitting the payment information (e.g., payment information of apayment account linked to the electronic device and stored in anelectronic wallet of the device) to a payment transaction server toengage in the payment transaction. In some examples, engaging in thepayment transaction includes routing information to one or morefinancial institutions to verify payment credentials and/or receiveauthorization to complete the transaction. For example, paymentinformation is transmitted from the authenticating device (e.g., 500) toa payment server for engaging in the payment transaction. For anotherexample, payment information is transmitted from the requesting device(e.g., 700) to a payment server for engaging in the payment transaction.

In some examples, proceeding with the payment transaction includes usingthe payment information (e.g., payment information of a payment accountlinked to the electronic device and stored in an electronic wallet ofthe device) to complete the payment transaction. In some examples,proceeding with the payment transaction includes using the paymentinformation (e.g., an account number or a PAN of a payment account) foruse in the payment transaction (e.g., using a credit account to make thepurchase) to complete the payment transaction, where the paymentinformation is stored at the electronic device (e.g., 500, 700).

Note that details of the processes described above with respect tomethod 1100 (e.g., FIG. 11) are also applicable in an analogous mannerto the methods described above. For example, methods 900 and 1000optionally include one or more of the characteristics of the variousmethods described above with reference to method 1100. For example,characteristics and techniques of the requesting devices of the variousmethods can be combined. For another example, characteristics andtechniques of the authenticating devices of the various methods can becombined. For brevity, these details are not repeated below.

In accordance with some embodiments, FIG. 12 shows an exemplaryfunctional block diagram of a requesting device 1200 configured inaccordance with the principles of the various described embodiments. Inaccordance with some embodiments, the functional blocks of requestingdevice 1200 are configured to perform the techniques described above.The functional blocks of the device 1200 are, optionally, implemented byhardware, software, or a combination of hardware and software to carryout the principles of the various described examples. It is understoodby persons of skill in the art that the functional blocks described inFIG. 12 are, optionally, combined or separated into sub-blocks toimplement the principles of the various described examples. Therefore,the description herein optionally supports any possible combination orseparation or further definition of the functional blocks describedherein.

As shown in FIG. 12, a requesting device 1200 includes a display unit1202 configured to display a graphic user interface, and a processingunit 1204 coupled to the display unit 1202. In some embodiments, theprocessing unit 1204 includes a receiving unit 1206, a transmitting unit1208, a display enabling unit 1210, a network creation unit 1212, aproceeding unit 1216, and a determining unit 1218.

The processing unit 1204 is configured to receive (e.g., with receivingunit 1206) selection of one or more options. The processing unit 1204 isfurther configured to receive (e.g., with receiving unit 1206) selectionof an option to proceed with an action associated with the selected oneor more options. The processing unit 1204 is further configured totransmit (e.g., with transmitting unit 1208) a request to proceed withthe action, wherein the request includes information about the selectedone or more options. The processing unit 1204 is further configured toreceive (e.g., with receiving unit 1206) the response to the request toproceed with the action. The processing unit 1204 is further configuredto, in accordance with a determination (e.g., using determining unit1218) that the response to the request to proceed with the actionindicates that the authorization at the authenticating device wassuccessful, enable display of (e.g., with display enabling unit 1210) ondisplay unit 1202 an indication that the authorization was successful.The processing unit 1204 is further configured to, in accordance with adetermination (e.g., using determining unit 1218) that the response tothe request to proceed with the action indicates that the authorizationat the authenticating device was not successful, enable display of(e.g., with display enabling unit 1210), on display unit 1202, anindication that the authorization was not successful.

In some embodiments, the action is creating (e.g., using networkcreation unit 1212) a secure network connection between the requestingdevice 1200 and a remote server. The processing unit 1204 is furtherconfigured to receive (e.g., with receiving unit 1206) a token from theauthenticating device. The processing unit 1204 is further configured toproceed (e.g., with proceeding unit 1216) with the action using a tokenreceived from the authenticating device.

In some embodiments, the requesting device 1200 is signed into a serviceusing an account when transmitting (e.g., using transmitting unit 1208)the request to proceed with the action.

In some embodiments, the action is proceeding (e.g., using proceedingunit 1216) with a payment transaction. The processing unit 1204 isfurther configured to receive (e.g., with receiving unit 1206) paymentinformation from the authenticating device. The processing unit 1204 isfurther configured to proceed (e.g., using proceeding unit 1216) withthe action using the payment information received from theauthenticating device.

In some embodiments, the processing unit 1204 is configured to transmit(e.g., with transmitting unit 1208) a token to a server, wherein theserver uses the token to obtain a resource associated with the token.

In some embodiments, the processing unit 1204 is further configured totransmit (e.g., with transmitting unit 1208) the payment information toa payment transaction server, wherein the payment transaction serveruses the payment information to obtain a resource associated with thepayment information.

In some embodiments, the requesting device 1200 is a television device.In some embodiments, the requesting device 1200 is a computer.

In some embodiments, proceeding with the payment transaction includestransmitting (e.g., with transmitting unit 1208) the payment informationto a payment transaction server to engage in the payment transaction.

The operations described above with reference to FIGS. 9A-9D are,optionally, implemented by components depicted in FIGS. 1A-1B or FIG.12. For example, receiving operation 902 and displaying operation 910are, optionally, implemented by event recognizer 180 and event handler190. Similarly, it would be clear to a person having ordinary skill inthe art how other processes can be implemented based on the componentsdepicted in FIGS. 1A-1B.

In accordance with some embodiments, FIG. 13 shows an exemplaryfunctional block diagram of an authenticating device 1300 configured inaccordance with the principles of the various described embodiments. Inaccordance with some embodiments, the functional blocks ofauthenticating device 1300 are configured to perform the techniquesdescribed above. The functional blocks of the device 1300 are,optionally, implemented by hardware, software, or a combination ofhardware and software to carry out the principles of the variousdescribed examples. It is understood by persons of skill in the art thatthe functional blocks described in FIG. 13 are, optionally, combined orseparated into sub-blocks to implement the principles of the variousdescribed examples. Therefore, the description herein optionallysupports any possible combination or separation or further definition ofthe functional blocks described herein.

As shown in FIG. 13, an authenticating device 1300 includes a displayunit 1302 configured to display a graphic user interface, a hardwareunit 1318, a processing unit 1304 coupled to the display unit 1302 and,optionally, the hardware unit 1318. In some embodiments, the processingunit 1304 includes a receiving unit 1306, a transmitting unit 1308, adisplay enabling unit 1310, a network creation unit 1312, a proceedingunit 1316, a determining unit 1320, and a locking unit 1322.

The processing unit 1304 is configured to receive (e.g., with receivingunit 1306) the request to proceed with the action. The processing unit1304 is further configured to concurrently enable display of (e.g.,using display enabling unit 1310), on the display unit 1302, anindication of the request to proceed with the action, the informationabout the selected one or more options, and an indication of therequesting device. The processing unit 1304 is further configured toenable display of (e.g., using display enabling unit 1310), on thedisplay unit 1302, a request for authorization to proceed with theaction. The processing unit 1304 is further configured to receive (e.g.,using receiving unit 1306) an input that is responsive to the requestfor authorization to proceed with the action. The processing unit 1304is further configured to transmit (e.g., using transmitting unit 1308) aresponse to the request to proceed with the action, the response to therequest to proceed with the action based on the input that is responsiveto the request for authorization to proceed with the action.

In some embodiments, the authenticating device 1300 includes hardwareunit 1318 configured to respond to the input that is responsive to therequest for authorization to proceed with the action and wherein therequesting device does not include the hardware. The action is creating(e.g., using network creation unit 1312) a secure network connectionbetween the authenticating device 1300 and a remote server. Theprocessing unit 1304 is configured to, in response to determining (e.g.,using determining unit 1320) that the input that is responsive to therequest for authorization to proceed with the action is consistent withinput authorized to proceed with the action, proceeding (e.g., usingproceeding unit 1316) with the action using the hardware unit 1318configured to respond to the input that is responsive to the request forauthorization to proceed with the action.

In some embodiments, the action is creating (e.g., using networkcreation unit 1312) a secure network connection between the requestingdevice and a remote server. The processing unit 1304 is configured to,in response to determining (e.g., using determining unit 1320) that theinput that is responsive to the request for authorization to proceedwith the action is consistent with input authorized to proceed with theaction, transmit (e.g., using transmitting unit 1308) a token to therequesting device, the token generated using hardware unit 1318configured to respond to the input that is responsive to the request forauthorization to proceed with the action.

In some embodiments, the indication of the requesting device includes agraphical representation of the requesting device.

In some embodiments, the authenticating device 1300 is in a locked statewhen receiving (e.g., using receiving unit 1306) the input that isresponsive to the request for authorization to proceed with the action.The processing unit 1304 is configured to, in response to determining(e.g., using determining unit 1320) that the input that is responsive tothe request for authorization to proceed with the action is consistentwith input authorized to proceed with the action, maintaining (e.g.,using locking unit 1322) the authenticating device 1300 in the lockedstate while transmitting (e.g., using transmitting unit 1308) theresponse to the request to proceed with the action, the response to therequest to proceed with the action based on the input.

In some embodiments, the authenticating device 1300 is signed into theservice using the account when receiving the request to proceed with theaction.

In some embodiments, the action is proceeding (e.g., using proceedingunit 1316) with a payment transaction. The processing unit 1304 isconfigured to, in response to determining (e.g., using determining unit1320) that the input that is responsive to the request for authorizationto proceed with the action is consistent with input authorized toproceed with the action, proceeding (e.g., using proceeding unit 1316)with the action using hardware unit 1318 configured to respond to theinput that is responsive to the request for authorization to proceedwith the action.

In some embodiments, the action is proceeding (e.g., using proceedingunit 1316) with a payment transaction. The processing unit 1304 isconfigured to, in response to determining (e.g., using determining unit1320) that the input that is responsive to the request for authorizationto proceed with the action is consistent with input authorized toproceed with the action, transmitting (e.g., using transmitting unit1308) payment information to the requesting device, the paymentinformation generated using hardware unit 1318 configured to respond tothe input that is responsive to the request for authorization to proceedwith the action.

In some embodiments, the processing unit 1304 is configured to transmit(e.g., using transmitting unit 1308) a token to a server, wherein theserver uses the token to obtain a resource associated with the token.

In some embodiments, the processing unit 1304 is configured to transmit(e.g., using transmitting unit 1308) the payment information to apayment transaction server, wherein the payment transaction server usesthe payment information to obtain a resource associated with the paymentinformation.

In some embodiments, the action is proceeding with a payment transactionand wherein the authenticating device 1300 includes hardware unit 1318for authorizing payment transactions.

In some embodiments, the action is proceeding (e.g., using proceedingunit 1316) with a payment transaction. The processing unit 1304 isconfigured to, subsequent to determining (e.g., using determining unit1320) that the input that is responsive to the request for authorizationto proceed with the action is consistent with input authorized toproceed with the action, proceed (e.g., using proceeding unit 1316) withthe action without further input from the requesting device.

In some embodiments, the authenticating device 1300 is a phone. In someembodiments, the authenticating device 1300 is a wearable device.

In some embodiments, an electronic wallet of the authenticating device1300 includes one or more payment accounts associated with a user of theauthenticating device 1300 and the payment information is based on apayment account of the one or more payment accounts.

In some embodiments, proceeding (e.g., using proceeding unit 1316) withthe payment transaction includes transmitting (e.g., using transmittingunit 1308) the payment information to a payment transaction server toengage in the payment transaction.

The operations described above with reference to FIGS. 9A-9D are,optionally, implemented by components depicted in FIGS. 1A-1B or FIG.13. For example, receiving operation 908 and displaying operation 912are, optionally, implemented by event recognizer 180 and event handler190. Similarly, it would be clear to a person having ordinary skill inthe art how other processes can be implemented based on the componentsdepicted in FIGS. 1A-1B.

In accordance with some embodiments, FIG. 14 shows an exemplaryfunctional block diagram of a requesting device 1400 configured inaccordance with the principles of the various described embodiments. Inaccordance with some embodiments, the functional blocks of requestingdevice 1400 are configured to perform the techniques described above.The functional blocks of the device 1400 are, optionally, implemented byhardware, software, or a combination of hardware and software to carryout the principles of the various described examples. It is understoodby persons of skill in the art that the functional blocks described inFIG. 14 are, optionally, combined or separated into sub-blocks toimplement the principles of the various described examples. Therefore,the description herein optionally supports any possible combination orseparation or further definition of the functional blocks describedherein.

As shown in FIG. 14, a requesting device 1400 includes a display unit1402 configured to display a graphic user interface, and a processingunit 1404 coupled to the display unit 1402. In some embodiments, theprocessing unit 1404 includes a receiving unit 1406, a transmitting unit1408, a display enabling unit 1410, a network creation unit 1412, aproceeding unit 1416, a determining unit 1420, a providing unit 1422,and a selecting unit 1424.

The processing unit 1404 is configured to receive (e.g., using receivingunit 1406) selection of one or more options associated with an action.The processing unit 1404 is further configured to receive (e.g., usingreceiving unit 1406) selection of an option to proceed with the actionassociated with the selected one or more options. The processing unit1404 is further configured to transmit (e.g., using transmitting unit1408), to an authenticating device, a request to proceed with theaction, wherein the request includes information about the selected oneor more options, the information about the selected one or more optionsfor display by the authenticating device. The processing unit 1404 isfurther configured to receive (e.g., using receiving unit 1406), fromthe authenticating device, a response to the request to proceed with theaction, wherein the response to the request to proceed with the actionis indicative of an input at the authenticating device. The processingunit 1404 is further configured to, in accordance with a determination(e.g., using determining unit 1420) that the response to the request toproceed with the action indicates that an authorization at theauthenticating device was successful, enable display of (e.g., usingdisplay enabling unit 1410), on the display unit 1402, an indicationthat the authorization was successful.

In some embodiments, the processing unit 1404 is configured to, inaccordance with a determination (e.g., using determining unit 1420) thatthe response to the request to proceed with the action indicates thatthe authorization at the authenticating device was not successful,enable display of (e.g., using display enabling unit 1410), on thedisplay unit 1402, an indication that the authorization was notsuccessful.

In some embodiments, the action is creating (e.g., using networkcreation unit 1412) a secure network connection between the requestingdevice and a remote server by transmitting (e.g., using transmittingunit 1408) a token to the remote server.

In some embodiments, the processing unit 1404 is configured to receive(e.g., using receiving unit 1406) a token from the authenticatingdevice. The processing unit 1404 is further configured to proceed (e.g.,using proceeding unit 1416) with the action using the token receivedfrom the authenticating device.

In some embodiments, the action is proceeding (e.g., using proceedingunit 1416) with a payment transaction.

In some embodiments, the processing unit 1404 is configured to receive(e.g., using receiving unit 1406) payment information from theauthenticating device. The processing unit 1404 is further configured toproceed (e.g., using proceeding unit 1416) with the action using thepayment information received from the authenticating device.

In some embodiments, proceeding with the payment transaction includestransmitting (e.g., using transmitting unit 1408) at least a portion ofthe payment information to a merchant.

In some embodiments, the requesting device 1400 is signed into a serviceusing an account and the authenticating device is signed into theservice using the account.

In some embodiments, the processing unit 1404 is configured to receive(e.g., using receiving unit 1406) an indication that the action wassuccessful. The processing unit 1404 is further configured to present(e.g., using presenting unit 1418) a notification at the requestingdevice that the action was successful.

In some embodiments, the processing unit 1404 is configured to, prior totransmitting the request to proceed with the action: determine (e.g.,using determining unit 1420) whether a set of one or more conditionsthat indicate whether the device is capable of authorizing the requestis met, wherein transmitting the request to an authenticating deviceoccurs in accordance with a determination that the set of one or moreconditions is not met.

In some embodiments, the set of one or more conditions is met whenhardware configured to generate payment information is available at therequesting device.

In some embodiments, the request to proceed with the action includes oneor more payment transactions details.

In some embodiments, the processing unit 1404 is configured to, prior totransmitting to the authenticating device the request to proceed withthe action: provide (e.g., using providing unit 1422) optionscorresponding to a plurality of authenticating devices, the plurality ofauthenticating devices including the authenticating device; receive(e.g., using receiving unit 1406) input selecting an optioncorresponding to the authenticating device; and wherein transmitting tothe authenticating device the request to proceed with the action is inaccordance with receiving the input selecting the authenticating devicefrom among the plurality of authenticating devices.

In some embodiments, the processing unit 1404 is configured to, prior totransmitting to the authenticating device the request to proceed withthe action: select (e.g., using the selecting unit 1424) theauthenticating device from among a plurality of authenticating devicesbased on one or more of the proximity of the authenticating device tothe requesting device 1400, the recency of use of the authenticatingdevice, a user-defined preference for the authenticating device, and aprioritization scheme of the plurality of authenticating devices,wherein transmitting (e.g., using transmitting unit 1408) to theauthenticating device the request to proceed with the action is inaccordance with selecting the authenticating device from among theplurality of authenticating devices.

In some embodiments, the processing unit 1404 is configured to, prior totransmitting, by the requesting device 1400 to the authenticating devicethe request to proceed with the action: select (e.g., using selectingunit 1424) the authenticating device from among a plurality ofauthenticating devices based on availability of a selected paymentaccount on the authenticating device, wherein transmitting, by therequesting device 1400, to the authenticating device the request toproceed with the action is in accordance with selecting theauthenticating device from among the plurality of authenticatingdevices.

In some embodiments, the processing unit 1404 is configured to, inaccordance with transmitting (e.g., using transmitting unit 1408), bythe requesting device 1400, to the authenticating device the request toproceed with the action, forgoing transmitting (e.g., using transmittingdevice 1408) to another authenticating device of a plurality ofauthenticating devices the request to proceed with the action.

In some embodiments, the processing unit 1404 is configured to transmit(e.g., using transmitting unit 1408), by the requesting device 1400, toa second authenticating device the request to proceed with the action.

In some embodiments, the processing unit 1404 is configured to, prior totransmitting the request to proceed with the action: determine (e.g.,using determining unit 1420) whether a set of one or more conditions ismet, wherein the set of one or more conditions is met when hardwareconfigured to generate payment information is available at therequesting device 1400; and in accordance with a determination that theset of one or more conditions is not met, provide (e.g., using providingunit 1422) options corresponding to a plurality of authenticatingdevices, the plurality of authenticating devices including theauthenticating device.

In some embodiments, the processing unit 1404 is configured to,subsequent to transmitting (e.g., using transmitting unit 1408) therequest to proceed with the action: receive (e.g., using receiving unit1406) user input changing at least one of the selected one or moreoptions associated with the action; transmit (e.g., using transmittingunit 1408), by the requesting device 1400 to the authenticating device,a revised request to proceed with the action; and receive (e.g., usingreceiving unit 1406), from the authenticating device, a confirmation ofreceipt of the revised request to proceed with the action; and whereinenabling display (e.g., using display enabling unit 1410), on thedisplay unit 1402 of the requesting device 1400, the indication that theauthorization was successful is in accordance with a determination(e.g., using determining unit 1420) that the confirmation of receipt ofthe revised request to proceed with the action was received.

In some embodiments, the processing unit 1404 is configured to, prior totransmitting the request to proceed with the action: enabling display(e.g., using display enabling unit), on the display unit 1402, theselected one or more options associated with the action. The processingunit 1404 is further configured to, subsequent to transmitting therequest to proceed with the action: receive (e.g., using receiving unit1406), from the authenticating device, changes to at least one of theselected one or more options associated with the action; and in responseto receiving, from the authenticating device, the changes to the atleast one of the selected one or more options associated with theaction, update (e.g., using display enabling unit) the display inaccordance with the received changes to the at least one of the selectedone or more options associated with the action.

In some embodiments, the processing unit 1404 is configured to,subsequent to transmitting the request to proceed with the action:receive (e.g., using receiving unit 1406) selection of an option tocancel the action; and in response to receiving selection of the optionto cancel the action, transmit (e.g., using transmitting unit 1408), bythe requesting device 1400 to the authenticating device, a request tocancel the action.

In some embodiments, the processing unit 1404 is configured to enabledisplay of (e.g., using display enabling unit 1410), on the display unit1402, the one or more options associated with the action in athird-party user interface; and enable display of (e.g., using displayenabling unit 1410), on the display unit 1402 of the requesting device,the option to proceed with the action in a first-party user interface.

In some embodiments, the processing unit 1404 is configured to enabledisplay of (e.g., using display enabling unit 1410), on the display unit1402 of the requesting device 1400, the option to proceed with theaction in a first-party user interface.

In some embodiments, the processing unit 1404 is configured to determine(e.g., using determining unit 1420) whether one or more authenticatingdevices are available for authentication. The processing unit 1404 isfurther configured to, in accordance with a determination that one ormore authenticating devices are available for authentication, enabledisplay of (e.g., using display enabling unit 1410), on the display unit1402 of the requesting device 1400, the option to proceed with theaction. The processing unit 1404 is further configured to, in accordancewith a determination that one or more authenticating devices are notavailable for authentication, forgoing enabling display (e.g., usingdisplay enabling unit 1410), on the display unit 1402 of the requestingdevice 1400, the option to proceed with the action.

In some embodiments, the processing unit 1404 is configured to, prior totransmitting, by the requesting device 1400 to the authenticatingdevice, the request to proceed with the action: receive (e.g., usingreceiving unit 1406) selection of one or more options associated with asecond action; and wherein the request to proceed with the action is arequest to proceed with both the action and the second action andwherein the request further includes information about the selected oneor more options associated with the second action, the information aboutthe selected one or more options associated with the second action fordisplay by the authenticating device.

In some embodiments, the processing unit 1404 is configured to, prior toreceiving selection of the option to proceed with the action associatedwith the selected one or more options: receive (e.g., using receivingunit 1406) selection of a payment option; and in response to receivingselection of the payment option, enabling display (e.g., using displayenabling unit 1410) options for a plurality of payment accountsassociated with corresponding authenticating devices.

In some embodiments, the processing unit 1404 is configured to, prior toreceiving selection of the option to proceed with the action associatedwith the selected one or more options: receive (e.g., using receivingunit 1406) selection of an option corresponding to a respective paymentaccount from among the options for the plurality of payment accounts;and in response to receiving selection of the option corresponding tothe respective payment account, select (e.g., using selecting unit 1424)the respective authenticating device based on the selected optioncorresponding to the respective payment account.

In some embodiments, the processing unit 1404 is configured to, prior toreceiving selection of the option to proceed with the action associatedwith the selected one or more options: enable display of (e.g., usingdisplay enabling unit 1410) options for a plurality of payment accountsthat are associated with corresponding authenticating devices; andreceive (e.g., using receiving unit 1406) selection of an optioncorresponding to a respective payment account; and in response toreceiving selection of the option corresponding to the respectivepayment account, select (e.g., using selecting unit 1424) the respectiveauthenticating device based on the selected option corresponding to therespective payment account.

In some embodiments, the processing unit 1404 is configured to,subsequent to receiving selection of the option corresponding to therespective payment account, concurrently enable display (e.g., usingdisplay enabling unit) of: the option to proceed with the actionassociated with the selected one or more options; and an indication ofthe authenticating device.

In some embodiments, the indication of the authenticating deviceincludes a graphical representation of the authenticating device.

In some embodiments, the options for the plurality of payment accountsincludes payment accounts linked to devices of a first type regardlessof whether the devices of the first type are currently in a locked stateor unlocked state; and the options for the plurality of payment accountsincludes payment accounts linked to devices of a second type based onbeing in an unlocked state.

In some embodiments, the authenticating device is a phone and therequesting device is a television device. In some embodiments, theauthenticating device is a phone and the requesting device is acomputer. In some embodiments, the authenticating device is a wearabledevice and the requesting device is a television device. In someembodiments, the authenticating device is a wearable device and therequesting device is a computer.

In some embodiments, an electronic wallet of the authenticating deviceincludes one or more payment accounts associated with a user of theauthenticating device and the payment information is based on a paymentaccount of the one or more payment accounts.

In some embodiments, proceeding with the payment transaction includestransmitting the payment information to a payment transaction server toengage in the payment transaction.

The operations described above with reference to FIGS. 10A-10B are,optionally, implemented by components depicted in FIGS. 1A-1B or FIG.14. For example, receiving operation 1002 and displaying operation 1010are, optionally, implemented by event recognizer 180 and event handler190. Similarly, it would be clear to a person having ordinary skill inthe art how other processes can be implemented based on the componentsdepicted in FIGS. 1A-1B.

In accordance with some embodiments, FIG. 15 shows an exemplaryfunctional block diagram of an authenticating device 1500 configured inaccordance with the principles of the various described embodiments. Inaccordance with some embodiments, the functional blocks ofauthenticating device 1500 are configured to perform the techniquesdescribed above. The functional blocks of the device 1500 are,optionally, implemented by hardware, software, or a combination ofhardware and software to carry out the principles of the variousdescribed examples. It is understood by persons of skill in the art thatthe functional blocks described in FIG. 15 are, optionally, combined orseparated into sub-blocks to implement the principles of the variousdescribed examples. Therefore, the description herein optionallysupports any possible combination or separation or further definition ofthe functional blocks described herein.

As shown in FIG. 15, an authenticating device 1500 includes a displayunit 1502 configured to display a graphic user interface, optionally, ahardware unit 1518, and a processing unit 1504 coupled to the displayunit 1502 and, optionally, to the hardware unit 1518. In someembodiments, the processing unit 1504 includes a receiving unit 1506, atransmitting unit 1508, a display enabling unit 1510, a network creationunit 1512, a proceeding unit 1516, a generating unit 1518, determiningunit 1520, a locking unit 1524, and a requesting unit 1526.

The processing unit 1504 is configured to receive (e.g., using receivingunit 1506), from a requesting device, a request to proceed with anaction, wherein the request includes information regarding the actionand wherein the requesting device and the authenticating device are bothsigned into a service using the same account. The processing unit 1504is further configured to concurrently enable display (e.g., usingdisplay enabling unit 1510), on the display unit 1502: an indication ofthe request to proceed with the action, the information regarding theaction, and an indication of the requesting device. The processing unit1504 is further configured to enable display (e.g., using displayenabling unit 1510), on the display unit 1502 a request forauthorization to proceed with the action. The processing unit 1504 isfurther configured to receive (e.g., using receiving unit 1506) an inputthat is responsive to the request for authorization to proceed with theaction.

In some embodiments, the action is creating (e.g., using networkcreation unit 1512) a secure network connection between the requestingdevice and a remote server. The processing unit 1504 is configured to,in response to determining (e.g., using determining unit 1520) that theinput that is responsive to the request for authorization to proceedwith the action is consistent with input authorized to proceed with theaction, transmit (e.g., using transmitting unit 1508) token informationto the requesting device.

In some embodiments, the processing unit 1504 is configured toconcurrently enable display (e.g., using display enabling unit 1510), onthe display unit 1502, the indication of the request to proceed with theaction, the information regarding the action, and the indication of therequesting device is in response to receiving the request to proceedwith the action.

In some embodiments, the authenticating device 1500 includes hardwareunit 1518 configured to respond to the input that is responsive to therequest for authorization to proceed with the action and wherein therequesting device does not include the hardware.

In some embodiments, the action is proceeding (e.g., using proceedingunit 1516) with a payment transaction. The processing unit 1504 isconfigured to generate (e.g., using generating unit 1518) paymentinformation. The processing unit 1504 is further configured to, inresponse to determining that the input that is responsive to the requestfor authorization to proceed with the action is consistent with inputauthorized to proceed with the action, transmit (e.g., usingtransmitting unit 1508) payment information.

In some embodiments, the indication of the requesting device includes agraphical representation of the requesting device.

In some embodiments, the authenticating device 1500 is in a locked statewhen receiving the input that is responsive to the request forauthorization to proceed with the action. The processing unit 1504 isconfigured to, in response to determining that the input that isresponsive to the request for authorization to proceed with the actionis consistent with input authorized to proceed with the action: maintain(e.g., using the locking unit 1524) the authenticating device in thelocked state while transmitting the response to the request to proceedwith the action, the response to the request to proceed with the actionbased on the input.

In some embodiments, the requesting device is signed into a serviceusing an account and the authenticating device is signed into theservice using the account.

In some embodiments, the authenticating device 1500 is in a locked statewhen receiving the request to proceed with the action. The processingunit 1504 is configured to, in response to receiving the request toproceed with the action: enable display of (e.g., using display enablingunit 1510), on the display unit 1502, a request notification. Theprocessing unit 1504 is configured to, prior to concurrently enablingdisplay of, on the display, the indication of the request to proceedwith the action, the information regarding the action, and theindication of the requesting device: receive (e.g., using receiving unit1506) input activating the request notification; request (e.g., usingrequesting unit 1526) authorization to unlock the authenticating device;receive (e.g., using receiving unit 1506) authorization to unlock theauthenticating device. The processing unit 1504 is configured to, inresponse to receiving authorization to unlock the authenticating device:unlocking (e.g., using locking unit 1525) the authenticating device.Wherein concurrently enabling display, on the display unit 1502, theindication of the request to proceed with the action, the informationregarding the action, and the indication of the requesting device is inresponse to receiving authorization to unlock the authenticating device.

In some embodiments, the processing unit 1504 is configured to, inresponse to receiving the request to proceed with the action: enabledisplay of (e.g., using display enabling unit 1510), on the display unit1502, a request notification. The processing unit 1504 is furtherconfigured to, prior to concurrently enabling display, on the displayunit 1502, the indication of the request to proceed with the action, theinformation regarding the action, and the indication of the requestingdevice: receive (e.g., using requesting unit 1526) input activating therequest notification, wherein concurrently enabling display, on thedisplay unit 1502, the indication of the request to proceed with theaction, the information regarding the action, and the indication of therequesting device is in response to receiving input activating therequest notification.

In some embodiments, the authenticating device 1500 is in a locked statewhen receiving the request to proceed with the action. The processingunit 1504 is further configured to, in response to receiving the requestto proceed with the action: enable display (e.g., using display enablingunit 1510), on the display unit 1502, of a request notification. Theprocessing unit 1504 is further configured to, prior to concurrentlyenabling display (e.g., using display enabling unit 1510), on thedisplay unit 1502, of the indication of the request to proceed with theaction, the information regarding the action, and the indication of therequesting device: receive (e.g., using requesting unit 1526) inputactivating the request notification; wherein concurrently enablingdisplaying, on the display unit 1502, the indication of the request toproceed with the action, the information regarding the action, and theindication of the requesting device is in response to receiving inputactivating the request notification; and wherein determining that theinput that is responsive to the request for authorization to proceedwith the action is consistent with input authorized to proceed with theaction does not transition the requesting device to an unlocked state.

In some embodiments, the authenticating device 1500 is in an unlockedstate when receiving the request to proceed with the action. therequesting device includes a hardware button, and receiving the inputthat is responsive to the request for authorization to proceed with theaction comprises detecting a double-press of the hardware button whilein the unlocked state.

In some embodiments, the information regarding the action includes oneor more options associated with the action. The processing unit 1504 isfurther configured to, subsequent to concurrently enabling display, onthe display unit 1502, the indication of the request to proceed with theaction, the information regarding the action, and the indication of therequesting device: receive (e.g., using receiving unit 1506) user inputrequesting a change to at least one of the one or more optionsassociated with the action; transmit (e.g., using transmitting unit1508) an updated request to the requesting device, the updated requestincluding the change to the at least one of the one or more optionsassociated with the action; enable display (e.g., using display enablingunit 1510), on the display unit 1502, of an indication that aconfirmation of receipt of the updated request has not been receivedfrom the requesting device; receive (e.g., using receiving unit 1506)confirmation of receipt of the updated request from the requestingdevice; and in response to receiving confirmation of receipt of theupdated request from the requesting device, ceasing to enable display(e.g., using display enabling unit 1510), on the display unit 1502, ofthe indication that the confirmation of receipt of the updated requesthas not been received from the requesting device.

In some embodiments, the processing unit 1504 is configured to,subsequent to receiving the request to proceed with the action and priorto receiving the input that is responsive to the request forauthorization to proceed with the action: receive (e.g., using receivingunit 1506), from the requesting device, a request to cancel the action.The processing unit 1504 is further configured to, in response toreceiving the request to cancel the action and in accordance withreceiving the input that is responsive to the request for authorizationto proceed with the action: forgo proceeding (e.g., using proceedingunit 1516) with the action.

In some embodiments, the processing unit 1504 is configured to,subsequent to receiving the request to proceed with the action and priorto receiving the input that is responsive to the request forauthorization to proceed with the action: receive (e.g., using receivingunit 1506), from the requesting device, a request to cancel the action;and in response to receiving the request to cancel the action, forgoreceiving (e.g., using receiving unit 1506) input that is responsive tothe request for authorization to proceed with the action.

In some embodiments, the processing unit 1504 is configured to,subsequent to determining, at the authenticating device, that the inputthat is responsive to the request for authorization to proceed with theaction is consistent with input authorized to proceed with the action,proceed (e.g., using proceeding unit 1516), by the authenticating device1500, with the action without further input.

In some embodiments, the processing unit 1504 is configured to receive(e.g., using receiving unit 1506) a second request to proceed with asecond action. The processing unit 1504 is further configured toconcurrently enable display (e.g., using display enabling unit 1510), onthe display unit 1502, of a second indication of the request to proceedwith the action and an indication of whether the action was successful.The processing unit 1504 is further configured to concurrently enabledisplay (e.g., using display enabling unit 1510), on the display unit1502, of a third indication of the second request to proceed with thesecond action and an indication of whether the second action wassuccessful.

In some embodiments, the authenticating device 1500 is a phone and therequesting device is a television device. In some embodiments, theauthenticating device 1500 is a phone and the requesting device is acomputer. In some embodiments, the authenticating device 1500 is awearable device and the requesting device is a television device. Insome embodiments, the authenticating device 1500 is a wearable deviceand the requesting device is a computer.

In some embodiments, an electronic wallet of the authenticating device1500 includes one or more payment accounts associated with a user of theauthenticating device and the payment information is based on a paymentaccount of the one or more payment accounts.

In some embodiments, proceeding with the payment transaction includestransmitting the payment information to a payment transaction server toengage in the payment transaction.

The operations described above with reference to FIG. 11 are,optionally, implemented by components depicted in FIGS. 1A-1B or FIG.15. For example, receiving operation 1102 and displaying operation 1108are, optionally, implemented by event recognizer 180 and event handler190. Similarly, it would be clear to a person having ordinary skill inthe art how other processes can be implemented based on the componentsdepicted in FIGS. 1A-1B.

The foregoing description, for purpose of explanation, has beendescribed with reference to specific embodiments. However, theillustrative discussions above are not intended to be exhaustive or tolimit the invention to the precise forms disclosed. Many modificationsand variations are possible in view of the above teachings. Theembodiments were chosen and described in order to best explain theprinciples of the techniques and their practical applications. Othersskilled in the art are thereby enabled to best utilize the techniquesand various embodiments with various modifications as are suited to theparticular use contemplated.

Although the disclosure and examples have been fully described withreference to the accompanying drawings, it is to be noted that variouschanges and modifications will become apparent to those skilled in theart. Such changes and modifications are to be understood as beingincluded within the scope of the disclosure and examples as defined bythe claims.

As described above, one aspect of the present technology is thegathering and use of data available from various sources to improve thedelivery to users of invitational content or any other content that maybe of interest to them. The present disclosure contemplates that in someinstances, this gathered data may include personal information data thatuniquely identifies or can be used to contact or locate a specificperson. Such personal information data can include demographic data,location-based data, telephone numbers, email addresses, home addresses,or any other identifying information.

The present disclosure recognizes that the use of such personalinformation data, in the present technology, can be used to the benefitof users. For example, the personal information data can be used todeliver targeted content that is of greater interest to the user.Accordingly, use of such personal information data enables calculatedcontrol of the delivered content. Further, other uses for personalinformation data that benefit the user are also contemplated by thepresent disclosure.

The present disclosure further contemplates that the entitiesresponsible for the collection, analysis, disclosure, transfer, storage,or other use of such personal information data will comply withwell-established privacy policies and/or privacy practices. Inparticular, such entities should implement and consistently use privacypolicies and practices that are generally recognized as meeting orexceeding industry or governmental requirements for maintaining personalinformation data private and secure. For example, personal informationfrom users should be collected for legitimate and reasonable uses of theentity and not shared or sold outside of those legitimate uses. Further,such collection should occur only after receiving the informed consentof the users. Additionally, such entities would take any needed stepsfor safeguarding and securing access to such personal information dataand ensuring that others with access to the personal information dataadhere to their privacy policies and procedures. Further, such entitiescan subject themselves to evaluation by third parties to certify theiradherence to widely accepted privacy policies and practices.

Despite the foregoing, the present disclosure also contemplatesembodiments in which users selectively block the use of, or access to,personal information data. That is, the present disclosure contemplatesthat hardware and/or software elements can be provided to prevent orblock access to such personal information data. For example, in the caseof advertisement delivery services, the present technology can beconfigured to allow users to select to “opt in” or “opt out” ofparticipation in the collection of personal information data duringregistration for services. In another example, users can select not toprovide location information for targeted content delivery services. Inyet another example, users can select to not provide precise locationinformation, but permit the transfer of location zone information.

Therefore, although the present disclosure broadly covers use ofpersonal information data to implement one or more various disclosedembodiments, the present disclosure also contemplates that the variousembodiments can also be implemented without the need for accessing suchpersonal information data. That is, the various embodiments of thepresent technology are not rendered inoperable due to the lack of all ora portion of such personal information data. For example, content can beselected and delivered to users by inferring preferences based onnon-personal information data or a bare minimum amount of personalinformation, such as the content being requested by the deviceassociated with a user, other non-personal information available to thecontent delivery services, or publically available information.

1. A method, comprising: receiving, at a requesting device with adisplay, selection of one or more options; receiving, at the requestingdevice, selection of an option to proceed with an action associated withthe selected one or more options; transmitting, by the requestingdevice, a request to proceed with the action, wherein the requestincludes information about the selected one or more options; receiving,by an authenticating device with a display, the request to proceed withthe action; concurrently displaying, on the display of theauthenticating device: an indication of the request to proceed with theaction, the information about the selected one or more options, and anindication of the requesting device; displaying, on the display of theauthenticating device, a request for authorization to proceed with theaction; receiving, at the authenticating device, an input that isresponsive to the request for authorization to proceed with the action;transmitting, by the authenticating device, a response to the request toproceed with the action, the response to the request to proceed with theaction based on the input that is responsive to the request forauthorization to proceed with the action; receiving, by the requestingdevice, the response to the request to proceed with the action; inaccordance with a determination, at the requesting device, that theresponse to the request to proceed with the action indicates that theauthorization at the authenticating device was successful, displaying,on the display of the requesting device, an indication that theauthorization was successful; and in accordance with a determination, atthe requesting device, that the response to the request to proceed withthe action indicates that the authorization at the authenticating devicewas not successful, displaying, on the display of the requesting device,an indication that the authorization was not successful.
 2. The methodof claim 1, wherein the authenticating device includes hardwareconfigured to respond to the input that is responsive to the request forauthorization to proceed with the action and wherein the requestingdevice does not include the hardware.
 3. The method of claim 2, whereinthe action is creating a secure network connection between theauthenticating device and a remote server, the method furthercomprising: in response to determining, at the authenticating device,that the input that is responsive to the request for authorization toproceed with the action is consistent with input authorized to proceedwith the action, proceeding, by the authenticating device, with theaction using the hardware configured to respond to the input that isresponsive to the request for authorization to proceed with the action.4. The method of claim 2, wherein the action is creating a securenetwork connection between the requesting device and a remote server,the method further comprising: in response to determining, at theauthenticating device, that the input that is responsive to the requestfor authorization to proceed with the action is consistent with inputauthorized to proceed with the action, transmitting, by theauthenticating device, a token to the requesting device, the tokengenerated using hardware configured to respond to the input that isresponsive to the request for authorization to proceed with the action;receiving, at the requesting device, the token from the authenticatingdevice; and proceeding, by the requesting device, with the action usingthe token received from the authenticating device.
 5. The method ofclaim 1, wherein the indication of the requesting device includes agraphical representation of the requesting device.
 6. The method ofclaim 1, wherein the authenticating device is in a locked state whenreceiving, at the authenticating device, the input that is responsive tothe request for authorization to proceed with the action, the methodfurther comprising: in response to determining, at the authenticatingdevice, that the input that is responsive to the request forauthorization to proceed with the action is consistent with inputauthorized to proceed with the action, maintaining the authenticatingdevice in the locked state while transmitting, by the authenticatingdevice, the response to the request to proceed with the action, theresponse to the request to proceed with the action based on the input.7. The method of claim 1, wherein the requesting device is signed into aservice using an account when transmitting the request to proceed withthe action and the authenticating device is signed into the serviceusing the account when receiving the request to proceed with the action.8. The method of claim 1, further comprising: transmitting, by theauthenticating device, a token to a server, wherein the server uses thetoken to obtain a resource associated with the token.
 9. The method ofclaim 1, further comprising: transmitting, by the requesting device, atoken to a server, wherein the server uses the token to obtain aresource associated with the token.
 10. The method of claim 1, whereinthe authenticating device is a phone and the requesting device is atelevision device.
 11. The method of claim 1, wherein the authenticatingdevice is a phone and the requesting device is a computer.
 12. Themethod of claim 1, wherein the authenticating device is a wearabledevice and the requesting device is a television device.
 13. The methodof claim 1, wherein the authenticating device is a wearable device andthe requesting device is a computer.
 14. A system, comprising: arequesting device, including: a display; one or more processors; andmemory storing one or more programs, wherein the one or more programsare configured to be executed by the one or more processors, the one ormore programs including instructions for: receiving selection of one ormore options; receiving selection of an option to proceed with an actionassociated with the selected one or more options; transmitting a requestto proceed with the action, wherein the request includes informationabout the selected one or more options; receiving a response to therequest to proceed with the action; in accordance with a determinationthat the response to the request to proceed with the action indicatesthat the authorization at the authenticating device was successful,displaying, on the display, an indication that the authorization wassuccessful; and in accordance with a determination that the response tothe request to proceed with the action indicates that the authorizationat the authenticating device was not successful, displaying, on thedisplay, an indication that the authorization was not successful; and anauthenticating device, including: a display; one or more processors; andmemory storing one or more programs, wherein the one or more programsare configured to be executed by the one or more processors, the one ormore programs including instructions for: receiving the request toproceed with the action; concurrently displaying, on the display: anindication of the request to proceed with the action, the informationabout the selected one or more options, and an indication of therequesting device; displaying, on the display, a request forauthorization to proceed with the action; receiving an input that isresponsive to the request for authorization to proceed with the action;and transmitting the response to the request to proceed with the action,the response to the request to proceed with the action based on theinput that is responsive to the request for authorization to proceedwith the action.
 15. The system of claim 14, wherein the authenticatingdevice includes hardware configured to respond to the input that isresponsive to the request for authorization to proceed with the actionand wherein the requesting device does not include the hardware.
 16. Thesystem of claim 15, wherein the action is creating a secure networkconnection between the authenticating device and a remote server, thesystem further comprising: in response to determining, at theauthenticating device, that the input that is responsive to the requestfor authorization to proceed with the action is consistent with inputauthorized to proceed with the action, proceeding, by the authenticatingdevice, with the action using the hardware configured to respond to theinput that is responsive to the request for authorization to proceedwith the action.
 17. The system of claim 15, wherein the action iscreating a secure network connection between the requesting device and aremote server, the system further comprising: in response todetermining, at the authenticating device, that the input that isresponsive to the request for authorization to proceed with the actionis consistent with input authorized to proceed with the action,transmitting, by the authenticating device, a token to the requestingdevice, the token generated using hardware configured to respond to theinput that is responsive to the request for authorization to proceedwith the action; receiving, at the requesting device, the token from theauthenticating device; and proceeding, by the requesting device, withthe action using the token received from the authenticating device. 18.The system of claim 14, wherein the indication of the requesting deviceincludes a graphical representation of the requesting device.
 19. Thesystem of claim 14, wherein the authenticating device is in a lockedstate when receiving, at the authenticating device, the input that isresponsive to the request for authorization to proceed with the action,the system further comprising: in response to determining, at theauthenticating device, that the input that is responsive to the requestfor authorization to proceed with the action is consistent with inputauthorized to proceed with the action, maintaining the authenticatingdevice in the locked state while transmitting, by the authenticatingdevice, the response to the request to proceed with the action, theresponse to the request to proceed with the action based on the input.20. The system of claim 14, wherein the requesting device is signed intoa service using an account when transmitting the request to proceed withthe action and the authenticating device is signed into the serviceusing the account when receiving the request to proceed with the action.21. The system of claim 14, further comprising: transmitting, by theauthenticating device, a token to a server, wherein the server uses thetoken to obtain a resource associated with the token.
 22. The system ofclaim 14, further comprising: transmitting, by the requesting device, atoken to a server, wherein the server uses the token to obtain aresource associated with the token.
 23. The system of claim 14, whereinthe authenticating device is a phone and the requesting device is atelevision device.
 24. The system of claim 14, wherein theauthenticating device is a phone and the requesting device is acomputer.
 25. The system of claim 14, wherein the authenticating deviceis a wearable device and the requesting device is a television device.26. The system of claim 14, wherein the authenticating device is awearable device and the requesting device is a computer.